JWT validation missing aud validation #1042

Closed
@labramusic

Description

The method ValidateAsync in GoogleJsonWebSignature.cs doesn't seem to check whether the aud value in the ID token is equal to the user's app's client ID, as described in the third step here: https://developers.google.com/identity/protocols/OpenIDConnect#validatinganidtoken.
Maybe the method should receive some sort of audience, similar to how the Java API's GoogleIdTokenVerifier does, or is this intended to be done manually after validation using the async method?
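Added example (not code from the google-api-dotnet-client project) showing why the missing step matters: a validator that only checks signature, issuer and expiry accepts a token minted for a different client ID, while the aud check from step three rejects it. It assumes an HS256 shared secret as an offline stand-in for Google's RS256 keys, and a constructed `make_token` helper in place of Google's issuer.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in: Google signs ID tokens with RS256 using published keys;
# an HMAC secret is used here only so the example runs offline.
SIGNING_KEY = b"constructed-example-key"
ISSUER = "https://accounts.google.com"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_token(claims: dict) -> str:
    """Mint a constructed ID token; stands in for one issued by Google."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def validate_without_aud(token: str) -> dict:
    """What a validator that omits the aud check does: signature, iss and exp only."""
    header, body, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(body))
    if payload.get("iss") not in (ISSUER, "accounts.google.com"):
        raise ValueError("bad issuer")
    if payload.get("exp", 0) < time.time():
        raise ValueError("expired")
    return payload


def audience_matches(payload: dict, client_id: str) -> bool:
    """Third step of the linked docs: aud (a string or a list) must contain our client ID."""
    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    return client_id in audiences


def validate(token: str, client_id: str) -> dict:
    """Full validation: signature/iss/exp plus the audience check."""
    payload = validate_without_aud(token)
    if not audience_matches(payload, client_id):
        raise ValueError("token was issued for a different client")
    return payload
```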

Labels: Type: Enhancement; priority: p1 (Important issue which blocks shipping the next release. Will be fixed prior to next release.)