JWT client token validation #2

Closed
c0c0n3 opened this issue Dec 17, 2019 · 2 comments

Comments

@c0c0n3
Member

c0c0n3 commented Dec 17, 2019

@gboege needs refinement.

@c0c0n3 c0c0n3 added the feature label Dec 17, 2019
@c0c0n3 c0c0n3 added this to the First public demo milestone Dec 17, 2019
@gboege
Collaborator

gboege commented Dec 17, 2019

Extract the DAT-JWT from the header-Header object and validate it with the CA public key (included in the provided cert files). They have issued and signed the DAT-JWT.

@c0c0n3
Member Author

c0c0n3 commented Jan 13, 2020

Implemented by PR #12 even though it should've been done in a separate PR; see the note there about it.

For the record, we validate the input JWT data and verify its provenance using a configurable RSA public key. We make sure the following is true:

  • the JWT data is well-formed;
  • the token got signed with the private key paired to the configured pub key;
  • if present, exp ("expires at") contains a date in the future;
  • if present, iat ("issued at") contains a date in the past;
  • if present, nbf ("not before") contains a date in the past.

Notice that at the moment if any of the above standard claims (i.e. fields exp, iat, nbf) gets set to 0, we just ignore that field during validation, so e.g. this token

{ alg: RS256 }.{ exp: 0 }.valid-rs256-signature

passes validation with flying colours even though it expired at the beginning of the epoch! We have an issue about this, see #14.
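The claim checks described in the comment above, as an added example in stdlib Python (not the project's code): it assumes the RS256 signature has already been verified by a JWT library, and shows the exp/iat/nbf checks with the zero-means-absent behaviour the comment describes beside a strict variant that rejects the `{ exp: 0 }` token. `make_token` builds a constructed, unsigned token purely for illustration.

```python
import base64
import json
import time
from typing import Optional

def _b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_token(claims: dict) -> str:
    # Constructed for illustration only: the signature segment is a placeholder,
    # so this token must never be accepted without a real RS256 verification step.
    header = _b64url_encode(json.dumps({"alg": "RS256"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"

def decode_claims(token: str) -> dict:
    """Check the compact JWS is well-formed and return its (unverified) claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT: expected header.payload.signature")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg; only RS256 is accepted")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("malformed JWT: payload is not a JSON object")
    return claims

def check_time_claims(claims: dict, now: Optional[int] = None, lenient_zero: bool = False) -> bool:
    """Return True if exp is in the future and iat/nbf are not, for the claims that are present.
    lenient_zero=True reproduces the behaviour the comment describes: a claim set to 0
    is treated as absent, so { exp: 0 } passes; lenient_zero=False rejects it."""
    now = int(time.time()) if now is None else now

    def present(name: str) -> bool:
        value = claims.get(name)
        if value is None or (lenient_zero and value == 0):
            return False
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ValueError(f"claim {name} must be a numeric date")
        return True

    if present("exp") and claims["exp"] <= now:
        return False  # expired (or expired at the epoch, when strict)
    if present("iat") and claims["iat"] > now:
        return False  # issued in the future
    if present("nbf") and claims["nbf"] > now:
        return False  # not yet valid
    return True
```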

@c0c0n3 c0c0n3 closed this as completed Jan 13, 2020