-
Karl Harbour replied to the topic JSON Web Tokens created by OpenIG do not seem to have built-in expiration? in the forum Identity Gateway 6 years, 9 months ago
I was thinking the same re: ScriptableFilter; however, I am generally of the view that implementation of security features should be left to the experts – in other words, I think OpenIG should support this out of the box. So, feature request raised: https://bugster.forgerock.org/jira/browse/OPENIG-733
-
Karl Harbour started the topic JSON Web Tokens created by OpenIG do not seem to have built-in expiration? in the forum Identity Gateway 6 years, 9 months ago
As far as I can tell, the JSON Web Tokens created by OpenIG do not have an expiration time, as per https://tools.ietf.org/html/rfc7519#page-9 section 4.1.4.
Although the “exp” (Expiration Time) Claim is OPTIONAL, I think without it there is the possibility of a replay attack?
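
An added example, not part of the original posts and not OpenIG code: a standalone Python check in which the party consuming a token refuses any JWT that lacks a numeric `exp` or is past it, the gap the post above describes. The HS256 scheme, the key, the `LEEWAY` value and all function names are assumptions, and the sample tokens are constructed.

```python
import base64, hashlib, hmac, json, time

LEEWAY = 30  # assumed clock-skew allowance in seconds

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key):
    """Build a constructed HS256 sample token so the demo runs offline."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return head + "." + body + "." + b64url_encode(sign(head + "." + body, key))

def validate(token, key, now=None):
    """Return the claims, or raise ValueError; a token without exp is rejected."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64url_decode(head)).get("alg")
        given = b64url_decode(sig)
    except (ValueError, AttributeError, TypeError):
        raise ValueError("malformed token")
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sign(head + "." + body, key), given):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    # RFC 7519 4.1.4: exp is a NumericDate; bool is an int subclass, so exclude it
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("missing or non-numeric exp")
    if now >= exp + LEEWAY:  # current time must be before exp (plus leeway)
        raise ValueError("token expired")
    return claims

def verdict(token, key, now):
    """Demo helper: 'ok' or the rejection reason."""
    try:
        validate(token, key, now)
        return "ok"
    except ValueError as err:
        return str(err)
```

The signature check runs before `exp` is read, so an expiry value is only trusted when it is covered by the issuer's signature.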