Is there a way to enforce the verification of exp or iat claim/field? I checked the implementation and claims/fields are only verified if they are present. In my opinion there should be a way to force the verification and prevent mistakenly not adding these claims. What do you think?
The main focus of this gem is about verifying the validity and correctness of the token itself. The RFC that it follows requires that the token be deemed invalid if those claims are provided and not correct.
What I believe you're looking for is policy enforcement beyond the RFC - i.e. not just "is this token valid?" but "does this token match my application's requirements?". This gem's focus is the first question, because the second is a much, much harder problem to solve generically because of the multitude of ways in which JWTs are used... For example, in some use cases, exp may be required only if the iss claim is provided with a specific value.
I would suggest creating a wrapper that first uses the gem's verify to assert the token's correctness, then to assert any policy you may have, such as "must include exp and iat claims".
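The wrapper suggested above, as an added example that is not the gem's code or either participant's: the gem performs the RFC-level verification, then a separate policy layer rejects payloads that lack claims the application requires. It assumes HS256 and the gem's `JWT.decode(token, key, verify, options)` signature returning `[payload, header]`; the `decode` argument is injectable so the policy check can run without the gem loaded.

```ruby
# Added example (not from the ruby-jwt gem or the issue thread). In the
# application, `require 'jwt'` first; it is not required here so the policy
# layer runs stand-alone.

class ClaimPolicyError < StandardError; end

# Policy layer: enforces what RFC 7519 leaves optional. `payload` is the claims
# Hash that JWT.decode returns as its first element (string keys).
def enforce_claim_policy(payload, required_claims: %w[exp iat], max_lifetime: nil)
  missing = required_claims.reject { |claim| payload.key?(claim) }
  raise ClaimPolicyError, "missing required claims: #{missing.join(', ')}" unless missing.empty?

  # Optional lifetime bound: a present-but-far-future exp would otherwise pass
  # the gem's check while behaving like a non-expiring token.
  if max_lifetime && payload.key?('exp') && payload.key?('iat')
    lifetime = payload['exp'].to_i - payload['iat'].to_i
    if lifetime > max_lifetime
      raise ClaimPolicyError, "token lifetime #{lifetime}s exceeds #{max_lifetime}s"
    end
  end
  payload
end

# Wrapper: first the gem's own verification (signature, plus exp/nbf/iat when
# they are present), then the application policy. `decode` defaults to the
# gem's JWT.decode (HS256 assumed) and is only evaluated when called.
def verify_with_policy(token, key, required_claims: %w[exp iat], max_lifetime: nil,
                       decode: ->(t, k) { JWT.decode(t, k, true, algorithm: 'HS256') })
  payload, _header = decode.call(token, key)
  enforce_claim_policy(payload, required_claims: required_claims, max_lifetime: max_lifetime)
end
```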