Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate id token on service account token request #53

Open
j-zimnowoda opened this issue Dec 9, 2020 · 0 comments
Open

Validate id token on service account token request #53

j-zimnowoda opened this issue Dec 9, 2020 · 0 comments
Assignees
@pbalogh-sa
Labels
community enhancement New feature or request

Comments

@j-zimnowoda
Copy link

Is your feature request related to a problem? Please describe.
Currently, there is no identity validation on GET /tokens/{saNme} request
It means that any malicious actor can request SA token, if SA has been already created.

Describe the solution you'd like to see

  • add Authorization header that contains ID token for GET /tokens/<sa-name> request,
  • validate Authorization header content by validating ID token signature.
@pbalogh-sa pbalogh-sa added community enhancement New feature or request labels Dec 14, 2020
@pbalogh-sa pbalogh-sa self-assigned this Jan 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pbalogh-sa pbalogh-sa

Labels
community enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pbalogh-sa @j-zimnowoda