Olivier Dumont ef157ae9ba Fix critical security issue: verify JWT signature in access token validation ...

The validateAccessToken method was only decoding the JWT payload without
verifying the signature, allowing attackers to forge tokens. This fix:

- Adds ValidateAccessToken method to OIDCService that properly verifies
  JWT signature using RSA public key
- Validates issuer, expiration, and required claims
- Updates controller to use the secure validation method
- Removes insecure manual JWT parsing code

2025-12-30 12:36:30 +01:00

..

access_controls_service.go

refactor: use proper module name (#542)

2025-12-26 17:53:24 +02:00

auth_service.go

feat: forward sub from oidc providers (#543)

2025-12-26 19:02:51 +02:00

database_service.go

refactor: use proper module name (#542)

2025-12-26 17:53:24 +02:00

docker_service.go

refactor: use proper module name (#542)

2025-12-26 17:53:24 +02:00

generic_oauth_service.go

refactor: use proper module name (#542)

2025-12-26 17:53:24 +02:00

github_oauth_service.go

feat: forward sub from oidc providers (#543)

2025-12-26 19:02:51 +02:00

google_oauth_service.go

feat: forward sub from oidc providers (#543)

2025-12-26 19:02:51 +02:00

ldap_service.go

…

oauth_broker_service.go

refactor: use proper module name (#542)

2025-12-26 17:53:24 +02:00

oidc_service.go

Fix critical security issue: verify JWT signature in access token validation

2025-12-30 12:36:30 +01:00