krakend-jose issues

"propagate_claims" with empty array value got 500 and empty resp body

2

I'm using "propagate_claims" and want to put the header value with its token data. But suddenly i got 500 response code and no body response when i got empty array....

AlAnwari-ari

try to reproduce issue of empty array returning an error

dhontecillas

Add anti token sidejacking measures

1

as suggested here: https://github.com/krakendio/krakend-ce/issues/460 https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html#token-sidejacking

kpacha

enhancement

Allow 'any' matching strategy for audience claim

The audience matching configuration takes a list of audience values and a token is considered valid when _all_ values are present in the token. In scenarios where a backend is...

dschanoeh

Support signed cookies

As I understand, pull #2 only allow to use unsigned cookies. Is there a way to use signed ones? Thanks.

kereslas

Support non HTTP JWT validation

Need to expose functions without a dependency on the `http` package to validate JWT

dhontecillas

replace go-jose.v2 with newer version because it is vulnerable to CVE-2024-28180

1

Based on the advisory in this link, the `go-jose.v2` is vulnerable: https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g I tried to fix in my local clone of krakend-jose, but it seems that the underlying dependency of...

gunturaf

krakend-jose
krakend-jose copied to clipboard

Metadata

"propagate_claims" with empty array value got 500 and empty resp body