Google Git
Sign in
apache / couchdb / 3aa3f1d38ecad9b6b0534478485354ecf404b079
commit3aa3f1d38ecad9b6b0534478485354ecf404b079[log] [tgz]
authorRobert Newson <rnewson@apache.org>Thu May 16 14:53:47 2024 +0100
committerRobert Newson <rnewson@apache.org>Thu May 16 17:22:50 2024 +0100
treef12ab18fcbec84ddbdcfec716b20f3f473c3325b
parent7e5e0ac74fc12ebc8e5d54bd14bb04c3671731ab [diff]
JWT: require valid `exp` claim by default

Users of JWT rightly expect tokens to be considered invalid once they expire. It
is a surprise to some that this requires a change to the default
configuration. In the interest of security we will now require a valid `exp`
claim in tokens. Administrators can disable the check by changing
`required_claims` back to the empty string.

We do not add `nbf` as a required claim as it seems to not be set often in
practice.

closes https://github.com/apache/couchdb/issues/5046
2 files changed
tree: f12ab18fcbec84ddbdcfec716b20f3f473c3325b
  1. .devcontainer/
  2. .github/
  3. bin/
  4. build-aux/
  5. config/
  6. dev/
  7. nouveau/
  8. rel/
  9. share/
  10. src/
  11. support/
  12. test/
  13. .asf.yaml
  14. .credo.exs
  15. .formatter.exs
  16. .gitattributes
  17. .gitignore
  18. .mailmap
  19. .readthedocs.yaml
  20. BUGS.md
  21. COMMITTERS.md
  22. configure
  23. configure.ps1
  24. CONTRIBUTING.md
  25. CONTRIBUTORS.in
  26. erlang_ls.config
  27. INSTALL.Unix.md
  28. INSTALL.Windows.md
  29. LICENSE
  30. make.cmd
  31. Makefile
  32. Makefile.win
  33. mix.exs
  34. NOTICE
  35. README-DEV.rst
  36. README.rst
  37. rebar.config.script
  38. setup_eunit.template
  39. version.mk