[Provider] private_key_jwt replay
peppelinux commented
Following the work done in release
https://github.com/italia/spid-cie-oidc-django/releases/tag/v0.8.2
we have to consider that we don't have any mechanism to check whether a private_key_jwt is replayed.
I think that we should do something on this side to improve security; the lookup parameter would be jti.
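
A sketch of the jti lookup proposed in this issue, added here as an example and not code from spid-cie-oidc-django. `JtiReplayGuard`, `ReplayError`, the 300-second lifetime cap, the leeway and the sample claims are assumptions; the claims are assumed to come from a private_key_jwt whose signature and audience were already verified.

```python
import time


class ReplayError(Exception):
    """Raised when a client assertion must be rejected."""


class JtiReplayGuard:
    """In-memory record of (iss, jti) pairs, each kept until the assertion expires."""

    def __init__(self, max_lifetime=300, leeway=5):
        self.max_lifetime = max_lifetime  # assumed cap on exp - now, in seconds
        self.leeway = leeway              # assumed clock-skew tolerance, in seconds
        self._seen = {}                   # (iss, jti) -> exp

    def check_and_store(self, claims, now=None):
        """Accept already-verified claims once; raise ReplayError otherwise."""
        now = time.time() if now is None else now
        iss, jti, exp = claims.get("iss"), claims.get("jti"), claims.get("exp")
        if not isinstance(iss, str) or not isinstance(jti, str) or not jti:
            raise ReplayError("iss and jti are required")
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            raise ReplayError("exp is required")
        if exp + self.leeway < now:
            raise ReplayError("assertion expired")
        if exp - now > self.max_lifetime:
            # An unbounded exp would force the store to remember the jti forever.
            raise ReplayError("assertion lifetime too long")
        # Purge entries whose assertion could no longer be accepted anyway.
        for key in [k for k, e in self._seen.items() if e + self.leeway < now]:
            del self._seen[key]
        key = (iss, jti)  # jti only has to be unique per issuing client
        if key in self._seen:
            raise ReplayError("jti already used")
        self._seen[key] = exp
        return True


# Constructed sample claims (not taken from a real client).
SAMPLE = {"iss": "https://rp.example.org", "sub": "https://rp.example.org",
          "jti": "constructed-jti-0001", "exp": 1_700_000_120}

if __name__ == "__main__":
    guard = JtiReplayGuard()
    print(guard.check_and_store(SAMPLE, now=1_700_000_000))  # first use
    try:
        guard.check_and_store(SAMPLE, now=1_700_000_010)     # same jti again
    except ReplayError as err:
        print("rejected:", err)
```

The dictionary only protects a single process; with several workers the same check needs a shared store with an atomic insert, such as a database table with a unique constraint on (iss, jti).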