api-guidelines

[update] remove rule MUST NOT validate audience of the JSON Web Token

Open BirgitBader opened this issue 2 years ago • 1 comment

(i) This issue has been manually transferred from a former internal repository, as a private repository issue cannot be transferred to a public repository.

Context

The rule describes how the "aud" claim is used within api.otto.de. The usage and validation of the "aud" claim can make sense for other OAuth2 processes.

Instead of having a rule, we should improve api.otto.de's documentation of the OAuth2 server, as this rule is tightly bound to how api.otto.de's OAuth2 server works.

BirgitBader avatar May 16 '23 07:05 BirgitBader

Relates to https://github.com/otto-ec/ottoapi_portal/issues/1950

BirgitBader avatar May 16 '23 07:05 BirgitBader