OAuth2 JWT Bearer tokens may contain a `jku` claim, indicating the URL where the `jwks` can be downloaded; the corresponding `kid` within that `jwks` is then used to verify the JWT signature. This requires a whitelist for `jku` to prevent abuse, perhaps as web origins.

In this example, `https://evil.com` would not be on the whitelist, so this token would not be validated.

Automatically downloaded `jku` URLs can be cached as an optimization and to limit external interference with runtime performance.
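The whitelist-before-fetch and JWKS caching behaviour described in this issue, as an added stand-alone example (not code from the issue or the project). It uses HS256 with a symmetric `oct` JWKS key so it runs on the Python standard library alone; the allowlist and cache logic is the same for RS256. `ALLOWED_JKU_ORIGINS`, `issuer.example`, `demo_fetch` and the secret are constructed for the demo.

```python
import base64, hmac, hashlib, json
from urllib.parse import urlsplit

# Constructed allowlist of web origins permitted to host a JWKS (not from the issue).
ALLOWED_JKU_ORIGINS = {"https://issuer.example"}
_jwks_cache = {}  # jku URL -> parsed JWKS; a valid jku is fetched once, not per token

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def jku_allowed(jku):
    """Compare the jku's origin (scheme://host[:port]) against the whitelist."""
    u = urlsplit(jku)
    return u.scheme == "https" and f"{u.scheme}://{u.netloc}" in ALLOWED_JKU_ORIGINS

def verify_jwt(token, fetch_jwks):
    """Verify an HS256 JWT whose header carries jku/kid; fetch_jwks(url) returns a JWKS dict."""
    h_b64, p_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(h_b64))
    jku, kid = header.get("jku"), header.get("kid")
    if header.get("alg") != "HS256":      # pin the algorithm the key is expected to use
        raise ValueError("unexpected alg")
    # Whitelist check runs BEFORE any network access: an unlisted jku is never fetched.
    if not jku or not jku_allowed(jku):
        raise ValueError("jku not on whitelist")
    if jku not in _jwks_cache:
        _jwks_cache[jku] = fetch_jwks(jku)
    key = next((k for k in _jwks_cache[jku]["keys"] if k.get("kid") == kid and k.get("kty") == "oct"), None)
    if key is None:
        raise ValueError("kid not found in jwks")
    expected = hmac.new(_b64url_decode(key["k"]), f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(p_b64))

def make_token(jku, kid, secret, claims):
    """Build a test token (constructed input for the demo)."""
    header = {"alg": "HS256", "jku": jku, "kid": kid}
    signing_input = _b64url_encode(json.dumps(header).encode()) + "." + _b64url_encode(json.dumps(claims).encode())
    return signing_input + "." + _b64url_encode(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())

SECRET = b"constructed-demo-secret-not-for-real-use"
GOOD_JKU = "https://issuer.example/.well-known/jwks.json"
DEMO_JWKS = {"keys": [{"kty": "oct", "kid": "k1", "k": _b64url_encode(SECRET)}]}
fetch_count = {"n": 0}

def demo_fetch(url):
    fetch_count["n"] += 1  # counts simulated network fetches to show the cache working
    return DEMO_JWKS
```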