active-directory icon indicating copy to clipboard operation
active-directory copied to clipboard

Published 20 hours ago verified publisher icon magium

No JWT validation

Open mims92 opened this issue 6 years ago • 0 comments

I didn't find any JWT token validation. In the Receive.php file:

$idToken = $accessToken->getValues()['id_token'];
$decodedAccessTokenPayload = base64_decode(
    explode('.', $idToken)[1]
);

Isn't it a security risk to not validate the JWT signature?

mims92 avatar Nov 16 '18 15:11 mims92