Hi, +1 to the proposed setting since it ensures backward compatibility.
On Fri, Nov 8, 2019 at 10:16, Jonathan Gallimore (<[email protected]>) wrote:

> Hi All,
>
> At present TomEE will reject JWT tokens where the exp claim is a timestamp
> that is in the past. We also reject tokens where there is no exp claim at
> all.
>
> I propose adding a setting which will allow tokens without an exp claim to
> be accepted (see https://tools.ietf.org/html/rfc7519#section-4.1.4 - using
> exp is optional).
>
> The current behavior (not allowing a token without an exp claim) would be
> the default, and the option to allow tokens without an exp would need to be
> explicitly enabled.
>
> Are there any objections?
>
> Jon

--
Sincerely: César Hernández.
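The exp handling discussed in this thread, sketched as an added example that is not TomEE's code and not part of either message. The class name, the `Result` enum and the `allowNoExp` flag are hypothetical stand-ins for the proposed setting, and the claims are assumed to come from a token whose signature has already been verified.

```java
import java.time.Instant;
import java.util.Map;

public class ExpClaimCheck {

    enum Result { ACCEPTED, REJECTED_EXPIRED, REJECTED_MISSING_EXP, REJECTED_MALFORMED_EXP }

    /**
     * Checks the exp claim of an already signature-verified token.
     * allowNoExp is a hypothetical name for the proposed opt-in setting;
     * false reproduces the current behavior described in the thread.
     */
    static Result check(Map<String, Object> claims, boolean allowNoExp, Instant now) {
        Object exp = claims.get("exp");
        if (exp == null) {
            // Missing exp: rejected by default, accepted only when explicitly enabled.
            return allowNoExp ? Result.ACCEPTED : Result.REJECTED_MISSING_EXP;
        }
        if (!(exp instanceof Number)) {
            // RFC 7519 defines exp as a NumericDate; a string or object is never a valid expiry.
            return Result.REJECTED_MALFORMED_EXP;
        }
        long expSeconds = ((Number) exp).longValue();
        // A present exp is always enforced, whatever the opt-in flag says.
        return now.getEpochSecond() < expSeconds ? Result.ACCEPTED : Result.REJECTED_EXPIRED;
    }

    public static void main(String[] args) {
        // Constructed sample claims; the clock is fixed so the output is reproducible.
        Instant now = Instant.parse("2019-11-08T10:16:00Z");
        long t = now.getEpochSecond();

        Map<String, Object> fresh = Map.of("sub", "alice", "exp", t + 300);
        Map<String, Object> expired = Map.of("sub", "alice", "exp", t - 1);
        Map<String, Object> noExp = Map.of("sub", "alice");
        Map<String, Object> badExp = Map.of("sub", "alice", "exp", "tomorrow");

        for (boolean allowNoExp : new boolean[] { false, true }) {
            System.out.println("allowNoExp=" + allowNoExp);
            System.out.println("  fresh   -> " + check(fresh, allowNoExp, now));
            System.out.println("  expired -> " + check(expired, allowNoExp, now));
            System.out.println("  no exp  -> " + check(noExp, allowNoExp, now));
            System.out.println("  bad exp -> " + check(badExp, allowNoExp, now));
        }
    }
}
```

Only the "no exp" row changes between the two runs: with the flag enabled such a token carries no expiry, so its lifetime is bounded only by whatever revocation or key rotation the issuer provides.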
