Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Duplicate
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backport Requested:

v7.3, v7.0
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

A OIDC conformant JWT may contain multiple aud claims. Tokens of this form are rare, because the semantics of their claims can be unclear. Because the audience is used to identify authentication principals, we should reject tokens with multiple audiences.

is duplicated by

SERVER-86607 Reject access tokens with multiple audience claims

Closed

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Spencer Jackson
Participants:: [DO NOT USE] Backlog - Security Team, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Feb 13 2024 08:30:11 PM UTC
Updated:: Feb 14 2024 01:00:44 AM UTC
Resolved:: Feb 13 2024 09:57:24 PM UTC

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates