Skip to content

4.250.v5a_d993226437
Compare
Choose a tag to compare
@github-actions github-actions released this 20 Apr 21:24
· 10 commits to refs/heads/master since this release
4.250.v5a_d993226437
5ad9932
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Improve security by verifying signature of provider's idtoken and, if applicable, userinfo. This requires the configuration of the JWKS endpoint of the provider; this is automatic if auto mode is used. At the same time, the idtoken generation and expiry times are verified as per idtoken token verification specs.

A new flag can be configured for bypassing the new checks.

🚀 New features and improvements

🚩 Known issues

  • Issue(#304): JWKS server URL is expected to contain alg parameter which breaks login - workaround: use new flag to disable token signature verification

👻 Maintenance

Contributors

michael-doubez
Assets 2