Ethan Mills

5 comments by Ethan Mills

I've also opened https://github.com/alphagov/tdt-documentation/pull/199 for the documentation to go along with this

@bdemers the headline here is still an issue (the method throws undocumented `java.lang.IllegalArgumentException` and `com.okta.commons.http.HttpException`). I'd also suggest checking the `exp` of the token _before_ verifying the signature; we're seeing...

Is there a concern about malicious content, or just false information? I think you have to decode the payload to get the issuer before you can fetch the keys anyway,...

Thanks for the reply @bdemers. I appreciate what you're getting at, but think that it doesn't quite cover the whole picture. Consider the case where a resource server trusts...

@danielmorrison are you able to add anything to this?