jwt: strictly support compact serialization only

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: e89dddd4af67d34e441ec1733bdb22ce725d621c
Monis Khan 2024-02-27 12:40:59 -05:00 committed by Kubernetes Publisher
parent f08c74c02d
commit 1154db23b1
1 changed files with 3 additions and 0 deletions


@ -342,6 +342,9 @@ func New(opts Options) (*Authenticator, error) {
// or returns an error if the token can not be parsed. Since the JWT is not
// verified, the returned issuer should not be trusted.
func untrustedIssuer(token string) (string, error) {
if strings.HasPrefix(strings.TrimSpace(token), "{") {
return "", fmt.Errorf("token is not compact JWT")
}
parts := strings.Split(token, ".")
if len(parts) != 3 {
return "", fmt.Errorf("malformed token")
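Review bot: The new `{` prefix check at the top of untrustedIssuer carries no comment explaining its purpose, and the reason is not obvious from the code: a JSON-serialized JWS that happens to contain exactly two dots would otherwise pass the `len(parts) != 3` test below and have an issuer read out of it. I would add a comment above the `if`, such as `// Only compact serialization (header.payload.signature) is supported; reject JSON-serialized JWS before splitting on "."`. The check constrains only this function, so the code that later verifies the token (outside this hunk) presumably has to refuse the JSON form as well, otherwise the two parsers can disagree about the same input; that is worth confirming. The commit changes a single file, so a test case feeding a JSON-serialized token appears to be missing. untrustedIssuer's body continues past the end of the hunk.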