reactive-interaction-gateway icon indicating copy to clipboard operation
reactive-interaction-gateway copied to clipboard

Published 20 hours ago verified publisher icon Accenture

Subscriptions controller: Ignore JWTs that can't be validated

Open kevinbader opened this issue 3 years ago • 0 comments

Fixes #377.

  • For subscription requests, JWTs that can't be validated are now ignored. This allows to validate JWTs in an external service as configurable via the SUBMISSION_CHECK and SUBSCRIPTION_CHECK environment variables (which was the intention all along).

  • Response code changed: when connecting and subscribing at the same time, RIG replies with 403 (instead of 400) when not authorized to do so.

  • Ill-formed JWTs no longer cause subscription requests to fail.

  • Fixed SUBMISSION_CHECK=jwt_validation - it failed the check anytime, regardless of whether the JWT was valid.

kevinbader avatar May 23 '21 20:05 kevinbader