
WIP - Add nonce validation in PoP token verifier

Open julienstroheker opened this issue 2 years ago • 3 comments

Making sure the nonce claim is not re-used more than once on each request.

  • Validating that the nonce claim is present as a string
  • Saving each nonce claim value into a map (cache)
  • Validating that each request has a different nonce claim by checking the values in the cache.
  • Refactoring the big cache library to be used on the authn and authz side
  • Cleaning the cache after TTL PoP token expiration + 1 minute by spawning a goroutine for each call

julienstroheker avatar Jun 14 '23 00:06 julienstroheker
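
The replay check listed in the description above, as an added example that is not code from this PR or the project: it uses a mutex-guarded map instead of the big cache library and sweeps expired entries on each call instead of spawning a goroutine per call. The claim key `nonce`, the `NonceCache` type and its method names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

var (
	ErrNonceMissing = errors.New("nonce claim missing or not a string")
	ErrNonceReplay  = errors.New("nonce already used")
)

// NonceCache (hypothetical type) remembers each nonce until the token that
// carried it has expired plus a grace period.
type NonceCache struct {
	mu    sync.Mutex
	seen  map[string]time.Time // nonce -> time after which the entry is dropped
	grace time.Duration
	now   func() time.Time // injectable clock so eviction can be tested
}

func NewNonceCache(grace time.Duration, now func() time.Time) *NonceCache {
	return &NonceCache{seen: map[string]time.Time{}, grace: grace, now: now}
}

// Check rejects a missing/non-string nonce and any nonce already recorded.
func (c *NonceCache) Check(claims map[string]interface{}, tokenExp time.Time) error {
	nonce, ok := claims["nonce"].(string) // claim key is an assumption
	if !ok || nonce == "" {
		return ErrNonceMissing
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	now := c.now()
	for k, until := range c.seen { // sweep entries past token expiry + grace
		if now.After(until) {
			delete(c.seen, k)
		}
	}
	if _, dup := c.seen[nonce]; dup {
		return ErrNonceReplay
	}
	c.seen[nonce] = tokenExp.Add(c.grace)
	return nil
}

func main() {
	c := NewNonceCache(time.Minute, time.Now)
	exp := time.Now().Add(15 * time.Minute)
	claims := map[string]interface{}{"nonce": "constructed-nonce-1"} // constructed sample
	fmt.Println(c.Check(claims, exp), c.Check(claims, exp))
}
```

Call `Check` only after the token's own expiry has been validated: once an entry is evicted, the expiry check is what rejects a replay of that token.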

@julienstroheker is this PR still open?

weinong avatar Aug 09 '23 01:08 weinong

Yes. I was waiting for the UT refactor PR to merge first.

julienstroheker avatar Aug 09 '23 12:08 julienstroheker

Still holding this PR due to changes we do on RBAC. This requires more tests + to review PR comments.

PLEASE DO NOT MERGE

julienstroheker avatar Dec 11 '23 20:12 julienstroheker