Add validate logic at ParseJwtToken
sagilio opened this issue · 1 comments
sagilio commented
Improve security by default, and keep the logic synced from other SDKs.
API proposal:
// old
public virtual CasdoorUser? ParseJwtToken(string token)
// new
public virtual CasdoorUser? ParseJwtToken(string token, bool validateToken = true)
// add (because it needs to sync the jwks from casdoor, this will be an async logic)
public virtual Task<CasdoorUser?> ParseJwtTokenAsync(string token, bool validateToken = true)This will be a breaking change, need user change the param if someone does not want to validate the token.
casbin-bot commented