v5.0.0 tracking issue

Question

v5.0.0 tracking issue

Opened this issue 4 months ago · 1 comments

In release v5.0.0 we aim to support AWS ALB (#109 ) for which we have to do significant groundwork. This issue tracks that groundwork:

Bump minimum supported Node.js version to 16 from 14: in #164
Support ES256, ES384 and ES512: in #164
Support non-standard JWKS: #167
Support JWTs with padding: tbd
Create an AwsAlbJwtVerifier and AwsAlbJwksCache: tbd

Answer 1 · 2024-07-18T08:57:22.000Z

ALB docs on verifying their JWTs: link

Notably: the docs say they put iss, client and exp claims in the JWT header––which is non-standard, according to standard they should be in the JWT payload.

And here's the docs for Amazon Verified Access which works similar to ALB: link