Philip Zampino created KNOX-3140:
------------------------------------

             Summary: JWTProvider requires metadata for bearer tokens if server-managed is true
                 Key: KNOX-3140
                 URL: https://issues.apache.org/jira/browse/KNOX-3140
             Project: Apache Knox
          Issue Type: Improvement
          Components: Server
   Affects Versions: 2.2.0
            Reporter: Philip Zampino
            Assignee: Philip Zampino

If the JWTProvider server-managed param is set to true, then when validating a bearer token, it requires that the token be server-managed (i.e., have metadata in the token state service). While bearer tokens may optionally have server-managed state, they should not be required to have it, and should be able to be validated/verified without it. This requirement appears to be due to the, what should be optional, server-managed expiration, which throws an UnknownTokenException if the JWT was issued by a KNOXTOKEN service with server-managed=false.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
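
The expiry check described in the report, sketched as an added example: this is not Knox's code, every class and method name below is hypothetical (including the local stand-in for UnknownTokenException), and the JWT signature is assumed to have been verified already. It contrasts a lookup that rejects tokens without server-side metadata with one that treats that metadata as optional.

```java
import java.time.Instant;
import java.util.Map;

public class BearerExpirySketch {
    // Hypothetical stand-in for the exception named in the report.
    static class UnknownTokenException extends Exception {
        UnknownTokenException(String id) { super("Unknown token: " + id); }
    }

    // Hypothetical, minimal token state service: token id -> server-managed expiry.
    static class TokenStateService {
        private final Map<String, Instant> expirations;
        TokenStateService(Map<String, Instant> expirations) { this.expirations = expirations; }
        Instant getExpiration(String tokenId) throws UnknownTokenException {
            Instant exp = expirations.get(tokenId);
            if (exp == null) throw new UnknownTokenException(tokenId);
            return exp;
        }
    }

    // Reported behaviour: missing metadata rejects an otherwise valid bearer token.
    static boolean strictNotExpired(TokenStateService tss, String id, Instant now)
            throws UnknownTokenException {
        return now.isBefore(tss.getExpiration(id));
    }

    // Requested behaviour: use server-managed expiry when present, else the JWT's exp claim.
    static boolean lenientNotExpired(TokenStateService tss, String id, Instant jwtExp, Instant now) {
        Instant effective;
        try {
            effective = tss.getExpiration(id);
        } catch (UnknownTokenException e) {
            effective = jwtExp; // no server-side state: fall back to the signed claim
        }
        // A token with neither server state nor an exp claim is rejected.
        return effective != null && now.isBefore(effective);
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2025-01-01T00:00:00Z"); // constructed sample values
        TokenStateService tss = new TokenStateService(Map.of("managed-1", now.plusSeconds(60)));
        Instant jwtExp = now.plusSeconds(3600);
        System.out.println("managed:   " + lenientNotExpired(tss, "managed-1", jwtExp, now));
        System.out.println("unmanaged: " + lenientNotExpired(tss, "unmanaged-1", jwtExp, now));
        try {
            strictNotExpired(tss, "unmanaged-1", now);
        } catch (UnknownTokenException e) {
            System.out.println("strict:    " + e.getMessage());
        }
    }
}
```

In this sketch a token whose server-side state is absent is judged only by its signed exp claim, so deleting its state does not by itself invalidate the token.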