4.250.v5a_d993226437
github-actions released this 20 Apr 21:24 · 10 commits to refs/heads/master since this release
Improve security by verifying the signature of the provider's ID token and, if applicable, of the userinfo response. This requires the provider's JWKS endpoint to be configured; this is automatic if auto mode is used. At the same time, the ID token's generation and expiry times are verified as per the ID token verification specs.
A new flag can be configured for bypassing the new checks.
🚀 New features and improvements
- Add JWKS parameters for verifying web token signatures (#297) @michael-doubez
🚩 Known issues
- Issue (#304): JWKS server URL is expected to contain the `alg` parameter, which breaks login. Workaround: use the new flag to disable token signature verification.
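A pre-upgrade diagnostic for the checks described above, as an added example that is not the plugin's code: it lists JWKS signing keys that carry no `alg` member (optional per RFC 7517) and checks an ID token's `iat`/`exp` claims, without verifying the signature. It assumes issue #304 concerns keys served at the JWKS URL that lack `alg`; the function names, the 60-second skew and the sample JWKS and token are constructed for illustration.

```python
import base64, json, time

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def keys_missing_alg(jwks):
    """Return the kid of every signing key that has no 'alg' member."""
    return [k.get("kid", "<no kid>") for k in jwks.get("keys", [])
            if k.get("use", "sig") == "sig" and "alg" not in k]

def check_id_token(token, jwks, now=None, skew=60):
    """List problems with key selection and time claims (no signature check)."""
    now = time.time() if now is None else now
    header_seg, payload_seg, _signature = token.split(".")
    header, claims = b64url_json(header_seg), b64url_json(payload_seg)
    problems = []
    key = next((k for k in jwks.get("keys", [])
                if k.get("kid") == header.get("kid")), None)
    if key is None:
        problems.append("no JWKS key matches token kid")
    elif "alg" not in key:
        problems.append("matching key has no alg (issue #304)")
    elif key["alg"] != header.get("alg"):
        problems.append("key alg differs from token header alg")
    # exp must lie in the future; iat must not lie in the future (with skew)
    if "exp" not in claims or claims["exp"] + skew <= now:
        problems.append("expired")
    if "iat" not in claims or claims["iat"] - skew > now:
        problems.append("iat in future")
    return problems

def _seg(obj):
    """Constructed-sample helper: dict -> unpadded base64url segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: key k2 omits 'alg', as some providers do.
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "kid": "k1", "use": "sig", "alg": "RS256", "n": "constructed", "e": "AQAB"},
    {"kty": "RSA", "kid": "k2", "use": "sig", "n": "constructed", "e": "AQAB"},
]}
SAMPLE_TOKEN = ".".join([_seg({"alg": "RS256", "kid": "k2"}),
                         _seg({"iat": 1000, "exp": 1300}), "constructed-signature"])

if __name__ == "__main__":
    print(keys_missing_alg(SAMPLE_JWKS))
    print(check_id_token(SAMPLE_TOKEN, SAMPLE_JWKS, now=1100))
```

To check a real provider, load the JSON document served at its JWKS URL and pass it to `keys_missing_alg`.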
👻 Maintenance
- Add open rewrite to pom.xml (#298) @michael-doubez