No, this is not a typo. This post will tell you how to prevent some headache with JWT iss claims in cbsecurity. It is quite easy to solve, but since I just spent several hours debugging some very nasty JWT authentication problem, I thought it might be worth sharing. Bottom line: if you are using the iss
claim in JWT make sure you specify it yourself, so don’t rely on the default (although that might look attractive). Better yet: ALWAYS specify the issuer claim, even if you think you are not using it. Only read the rest of this post if you really want to know why.
Month: August 2020
Yesterday someone had an interesting use case for the cbvalidation
library. I presented at ITB2020 about cbvalidation, and I’ve contributed some code so I thought it had no secrets anymore. But when trying to solve this case I discovered cbvalidation still had some hidden lines for me. When discussing this validation problem we tried to solve it with UDF validators, but -spoiler alert-finally we agreed it was not powerful enough. So time to build a CustomValidator, which is a lot easier than you might think.
Recent Comments