This repository has been archived by the owner on Nov 29, 2021. It is now read-only.
tsec-http4s: why is jti mandatory? #323
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I noticed (after a debug session) that when using an "unbacked in bearer token" authenticator (at least, didn't try the others), the jti is mandatory. It is unexpected as described in the RFC (https://tools.ietf.org/html/rfc7519#section-4.1.7).
Maybe I missed something, but in my opinion the behavior is incorrect.
The text was updated successfully, but these errors were encountered: