Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

light-4j 1.6.x : Add option to allow JWTVerifyHandler to skip token validation #2255

Open
mihai-vladuc opened this issue Jun 5, 2024 · 2 comments
Open

light-4j 1.6.x : Add option to allow JWTVerifyHandler to skip token validation #2255

mihai-vladuc opened this issue Jun 5, 2024 · 2 comments

Comments

@mihai-vladuc
Copy link

Add a new property "skipSignatureAndExpirationCheck" with a default value of false to security.yml. When skipSignatureAndExpirationCheck is true, then add code to skip token validation – and ONLY skip token validation... JWTVerifier must still execute ALL OTHER existing functions.
@stevehu
Copy link
Contributor

stevehu commented Jun 6, 2024

@mihai-vladuc I am assuming that the change can help the developers skip the token validation in the early stage of the application development. If that is the case, should we backport the skipPathPrefixes to 1.6.x branch? It is more visible and easily to be removed when deploying to higher environments. What do you think?

@mihai-vladuc
Copy link
Author

@stevehu This issue was opened with a specific business case in mind: to skip token “signature” and “expiration”. But we need others token functionalities, such as the “claims”. We don’t want to totally skip the token functionality.
We’ll keep in mind “skipPathPrefixes” configuration parameter and we’ll be opening another issue for that if we'll need it. Thank You !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stevehu @mihai-vladuc