JWTVerificationException
s are used as the response body for 401
responses
rather than being replaced by a generic message. In doing so, this will allow easier diagnosis of authentication problems.reject-missing-token?
flag.IMPORTANT: This is a major release with backward compatibility breaking changes.
iss
from the incoming JWT and use it to lookup the appropriate algorithm from the middleware configuration to use for decoding.
(Note that the iss
claim is not "trusted" until signature verification has succeeded.)issuer
optional algorithm field has been removed. (Issuer check is now implicit based on the lookup of issuer in the
configuration.)Can you improve this documentation?Edit on GitHub
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close