Couchdb: JWT authentication does not work with iss claim

Created on 7 Jun 2020  路  5Comments  路  Source: apache/couchdb

Description

When using JWT authentication with only exp as required_claims , but iss is provided in the JWT token, CouchDB responses with:

{
  "error": "bad_request",
  "reason": "Invalid iss claim"
}

Steps to Reproduce

  • Use v3.1.0
  • Set {chttpd_auth, jwt_authentication_handler} in authentication_handlers & add public key
  • Set required_claims = exp
  • Generate JWT with any iss claim
  • Try to use the token for any request

Expected Behaviour

  • It should work

Your Environment

  • CouchDB version used: 3.1.0
  • Browser name and version: Chrome Version 83.0.4103.97 (Official Build) (64-bit)
  • Operating system and version: ubunut 20.04

Additional Context

Slac chat about the problem.

bug needs-triage

All 5 comments

I think they fixed it here #2888 but I wonder when they will release the fixed version

Yup, that looks like the fix.

FYI, our release schedule is a release every 3-6 months. We just had a release in May, so I don't expect another release for a month or two at the earliest.

If you need this sooner, you can build from source.

Super, thanks!

I think this issue is not solved by #2888. Please see proposed solution in #2946.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

denyeart picture denyeart  路  3Comments

dpdornseifer picture dpdornseifer  路  3Comments

wohali picture wohali  路  5Comments

mojito317 picture mojito317  路  3Comments

wohali picture wohali  路  3Comments