Closed
Bug 779950
Opened 12 years ago
Closed 12 years ago
Verify JWT claims
Categories
(Marketplace Graveyard :: Payments/Refunds, defect, P5)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: andy+bugzilla, Unassigned)
References
Details
To prevent re-use of JWT, we should be verifying the claims in the JWT. Kumar does this in inapp pay, but we should do it as well in solitude to prevent the re-use of JWT tokens. http://moz-inapp-pay.readthedocs.org/en/latest/#moz_inapp_pay.verify.verify_claims
|
||
Comment 1•12 years ago
|
||
you mean just for solitude's JWT communication with Marketplace, right?
|
Reporter | |
Comment 2•12 years ago
|
||
yup, but there's no reason we can't do the checks for other relevant jwt's too
|
|
||
Comment 3•12 years ago
|
||
I'm working on a patch to verify claims of the BlueVia JWT in Marketplace after we verify the sig using solitude.
|
|
Reporter | |
Comment 4•12 years ago
|
||
Sounds good.
|
||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•