Check iss, iat & exp when validating JWT in OPA policy

DiamondLightSource · Apr 8, 2024 · 131ef26 · 131ef26
1 parent a5e6e50
commit 131ef26
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/policy/token.rego b/policy/token.rego
@@ -22,7 +22,7 @@ jwks := fetch_jwks(jwks_url).raw_body
 valid := io.jwt.decode_verify(input.token, {
 	"cert": jwks,
 	"iss": "https://authn.diamond.ac.uk/realms/master",
-	"time": time.now_ns(),
+	"aud": "account",
 })
 
 claims := valid[2]