Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oauth2: Remove exp and iat from ID token header #787

Closed
aeneasr opened this issue Feb 22, 2018 · 3 comments
Closed

oauth2: Remove exp and iat from ID token header #787

aeneasr opened this issue Feb 22, 2018 · 3 comments
Assignees
@aeneasr
Labels
bug Something is not working.
Milestone
1.0.0-alpha.1

Comments

@aeneasr
Copy link
Member

aeneasr commented Feb 22, 2018 

{
  "alg": "HS256",
  "iat": 1519302684,
  "exp": 1519306284
}
@aeneasr aeneasr added the bug Something is not working. label Feb 22, 2018
@aeneasr aeneasr added this to the 1.0.0-alpha.1 milestone Feb 22, 2018
@aeneasr aeneasr self-assigned this Feb 22, 2018
@mdziemianko
Copy link

seems like that might break compatibility with some standard python librariees like flask oidc (it uses itsdangerous see https://github.com/pallets/itsdangerous/blob/master/itsdangerous.py)

@aeneasr
Copy link
Member Author

aeneasr commented Feb 22, 2018

It doesn't belong there though, the spec clearly puts it in the JWT claims.

@aeneasr
Copy link
Member Author

aeneasr commented Feb 22, 2018

It wasn't a bug in hydra but the mentioned library instead.

@aeneasr aeneasr closed this as completed Feb 22, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aeneasr aeneasr

Labels
bug Something is not working.
Projects
None yet
Milestone
1.0.0-alpha.1
Development

No branches or pull requests
2 participants
@aeneasr @mdziemianko