You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tough question indeed! From what I understand: HTTPs solves this question and if using HTTPs is not possible we would have to add a certificate.
It is beyond the scope of this middleware but it is not for the docker image of Krypton. We must force using HTTPS with this Docker image.
I don't think we should enable HTTPS in the Docker image, as this would require putting certificates inside the container (doable, but not very convenient).
Usually Docker containers are exposed behind a reverse-proxy which does TLS termination.
But the importance of this should be emphasized in the documentation!
See #51 and https://stackoverflow.com/questions/39471872/jwt-rs256-is-it-safe-to-fetch-public-key-over-https.
The text was updated successfully, but these errors were encountered: