Option to disable signature-type "none" #127

Open
milnet2 opened this issue Jul 24, 2020 · 2 comments

milnet2 commented Jul 24, 2020

It would be nice to have a configuration option to disallow certain signature-types for JWT tokens or at least the "none"-type.

It will be nice if that worked "out of the box" at some point.
Thank you for your consideration.

@HJianBo HJianBo self-assigned this Jul 25, 2020
@HJianBo HJianBo added this to the 5.0-beta.1 milestone Jul 25, 2020

HJianBo commented Jul 25, 2020

It seems to me that all of these configurations should be necessary to get it right. What trouble has it caused? Can you give a more detailed example?


milnet2 commented Jul 26, 2020

Thank you for picking this up.

In our case the none-type is disallowed for legal reasons: We are using emqx as a broker for a medical application. A regulatory document explicitly states that this signature-type may not pass validation of a token.

Other than this, emqx was a breeze to set up and we are really happy with it.

@HJianBo HJianBo modified the milestones: 5.0-beta.1, 4.3-alpha.1 Dec 15, 2020
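
An added example, not part of the issue thread and not emqx code: a minimal Python verifier showing the kind of signature-type allowlist the request describes, where a token whose header names "none" (or any type outside the configured set) is rejected before any signature check. The names `ALLOWED_ALGS`, `HMAC_DIGESTS`, `verify_jwt`, `make_token` and the sample tokens are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Signature types this sketch can verify, and the configured subset that may pass.
HMAC_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
ALLOWED_ALGS = frozenset({"HS256"})  # assumption: the deployment only issues HS256

class TokenRejected(Exception):
    """Raised for any token that must not pass validation."""

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def make_token(header: dict, payload: dict, secret: bytes = b"") -> str:
    """Build a constructed sample token: HS256-signed if a secret is given, else unsigned."""
    signing_input = ".".join(
        b64url_encode(json.dumps(p).encode()) for p in (header, payload))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest() if secret else b""
    return signing_input + "." + b64url_encode(sig)

def verify_jwt(token: str, secret: bytes, allowed=ALLOWED_ALGS) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise TokenRejected("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Exact-match allowlist: "none", "None", a missing alg, or a supported but
    # unconfigured type all stop here, before the header can pick the check.
    if not isinstance(alg, str) or alg not in allowed or alg not in HMAC_DIGESTS:
        raise TokenRejected(f"signature type not allowed: {alg!r}")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), HMAC_DIGESTS[alg]).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenRejected("signature mismatch")
    try:
        return json.loads(b64url_decode(payload_b64))
    except ValueError as exc:
        raise TokenRejected("malformed payload") from exc
```
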