Status

Marketplace
Payments/Refunds
P5
normal
RESOLVED INVALID
6 years ago
6 years ago

People

(Reporter: Andy McKay, Unassigned)

Tracking

x86
Mac OS X
Points:
---

Details

(Reporter)

Description

6 years ago
To prevent re-use of JWT, we should be verifying the claims in the JWT. Kumar does this in inapp pay, but we should do it as well in solitude to prevent the re-use of JWT tokens.

http://moz-inapp-pay.readthedocs.org/en/latest/#moz_inapp_pay.verify.verify_claims

Comment 1

You mean just for solitude's JWT communication with Marketplace, right?
(Reporter)

Comment 2

6 years ago
Yup, but there's no reason we can't do the checks for other relevant JWTs too.

Comment 3

I'm working on a patch to verify claims of the BlueVia JWT in Marketplace after we verify the sig using solitude.
(Reporter)

Comment 4

6 years ago
Sounds good.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
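
The claim checks discussed in this bug, as an added example that is not code from solitude, Marketplace or moz_inapp_pay: it validates the issuer and time window of a payload whose signature has already been verified, then rejects a second use of the same token. The function name, the `seen` store, the use of the standard `jti` claim as the token identifier, the default limits and the sample payload are all assumptions made for illustration.

```python
import time

class ClaimError(Exception):
    """A signature-verified JWT payload failed its claim checks."""

def _timestamp(claims, name, required=True):
    value = claims.get(name)
    if value is None and not required:
        return None
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ClaimError(f"missing or non-numeric claim: {name}")
    return value

def verify_claims(claims, expected_issuer, seen, now=None,
                  leeway=60, max_lifetime=3600):
    """Check issuer, time window and single use; all times are UTC unix seconds.

    `seen` maps (issuer, jti) -> exp for tokens already accepted (hypothetical
    store; a shared cache would be needed across processes).
    """
    now = time.time() if now is None else now
    if claims.get("iss") != expected_issuer:
        raise ClaimError("unexpected issuer")
    iat = _timestamp(claims, "iat")
    exp = _timestamp(claims, "exp")
    nbf = _timestamp(claims, "nbf", required=False)
    if exp <= iat or exp - iat > max_lifetime:
        raise ClaimError("invalid validity window")
    if iat > now + leeway or (nbf is not None and nbf > now + leeway):
        raise ClaimError("not yet valid")
    if exp < now - leeway:
        raise ClaimError("expired")
    jti = claims.get("jti")
    if not isinstance(jti, str) or not jti:
        raise ClaimError("missing claim: jti")
    # Forget entries that can no longer pass the expiry check, then record this one.
    for key in [k for k, e in seen.items() if e < now - leeway]:
        del seen[key]
    if (expected_issuer, jti) in seen:
        raise ClaimError("token already used")
    seen[(expected_issuer, jti)] = exp
    return claims

# Constructed sample payload, not real Marketplace or BlueVia data.
SAMPLE = {"iss": "marketplace.example", "iat": 1000, "exp": 1600, "jti": "txn-0001"}
```

The time-window checks alone only bound how long a captured token stays usable; the `seen` lookup is what rejects a replay inside that window.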