Skip to content

Improvements to validating incoming scitokens

Duncan Macleod requested to merge duncanmmacleod/gwdatafind-server:scitokens-improvements into master

This MR improves the validation of incoming auth scitokens, after some real-world testing.

The main functional changes are as follows

  • don't use any custom validators, just set up scitokens.Encforcer and use it's default test() method.
  • explicitly deserialize() tokens with aud:ANY, the enforcer will restrict the audience later

Merge request reports