Replies: 2 comments 2 replies
-
|
/cc @pedroigor (oidc), @sberyozkin (oidc) |
Beta Was this translation helpful? Give feedback.
-
|
@madocx As far as #39249 is concerned, I don't mind it being backported to 3.8 as it is quite simple. It is not really a bug fix because the iat is a required claim in the OIDC space, but indeed, it won't work for some tokens like those issued by some of Amazon services like ALB and others. I can add a backport label and let @gsmet decide |
Beta Was this translation helpful? Give feedback.
-
|
Thanks so much! Agreed that its not a bug fix - cognito actually even issues an iat claim, but for whatever reason moto is resistant to adding it. |
Beta Was this translation helpful? Give feedback.
-
|
@madocx Np at all, there are some providers which won't add it, so it makes sense to have an option to support such cases. But I don't know if it will make it to LTS as a few releases have already gone out |
Beta Was this translation helpful? Give feedback.
-
We've run into an issue where we're trying to write some unit tests for an api using the OIDC extension and are utilizing a moto container to mock cognito, but the jwts do not contain an "iat" claim.
It looks like version 3.9 of the OIDC extension added the ability to disable this claim validation, but its not available on the LTS version (3.8).
https://quarkus.io/guides/security-oidc-configuration-properties-reference#quarkus-oidc_quarkus-oidc-token-issued-at-required
Will this eventually be added to the LTS version, or are there any other recommendations as to how we may be able to resolve this? This config value seems to give us exactly what we need, but would prefer to stay on LTS.
Beta Was this translation helpful? Give feedback.
All reactions