Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clearly document Validate token bindings option in all token binding related docs #21538

Closed
Yoshani opened this issue Oct 30, 2024 · 1 comment
Closed

Clearly document Validate token bindings option in all token binding related docs #21538

Yoshani opened this issue Oct 30, 2024 · 1 comment
Labels
Type/Docs

Comments

@Yoshani
Copy link
Contributor

Yoshani commented Oct 30, 2024
edited
Loading

Is your suggestion related to a missing or misleading document? Please describe.
In the documentation related to token binding types (including DPoP connector readme since this was raised in a related case), we need to clearly mention that the Validate token bindings option should be enabled for the binding to be validated during authorization. Otherwise the received token can be used to grant access regardless of the binding type.
@Yoshani Yoshani mentioned this issue Oct 30, 2024
Merged
@Yoshani
Copy link
Contributor Author

Yoshani commented Oct 30, 2024

Dpop readme updated through wso2-extensions/identity-oauth-dpop#23

@Thumimku Thumimku closed this as completed Feb 1, 2025
@github-project-automation github-project-automation bot moved this from Todo to Done in Identity Server 7.1.0 Feb 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type/Docs
Projects
Identity Server 7.1.0
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Thumimku @Yoshani