Details
- Improvement
- Resolution: Fixed
- Medium
- 0.33
- None
- true
Description
A trusted application service provider requests the application certificate from a to-be-trusted client.
The response that is returned is largely unvalidatable.
Some metadata or message structure should be used so consumers of this response can validate incoming text as being an instance of this message type.
Such protocols should also contain a protocol version to aid backwards compatibility.
e.g.:
protocol = Atlassian Trusted Application Certificate Protocol
protocol.version = 1.2
protocol.message = Trust Certificate Response
application.id = confluence:1234567
certificate.data = MIIBIjANBgkqhkiG9w0BAQEFAAazZEjpQ33w1rXg374er2ZkevnI7U1HCrHyP2FezV/iNBsOVg1/IDAQAB
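A consumer-side check for the message layout proposed above, as an added example that is not code from this issue or from the Trusted Applications code base. The function and exception names are hypothetical, the rule that a consumer accepts any 1.x version is an assumption, and the sample key bytes are constructed.

```python
import base64
import binascii

# Header values taken from the example in the description above.
PROTOCOL = "Atlassian Trusted Application Certificate Protocol"
MESSAGE = "Trust Certificate Response"
SUPPORTED_MAJOR = 1  # assumption: this consumer accepts any 1.x response
REQUIRED = ("protocol", "protocol.version", "protocol.message",
            "application.id", "certificate.data")
# Constructed sample: layout from the description, key bytes are dummy data.
SAMPLE = "\n".join([
    "protocol = " + PROTOCOL,
    "protocol.version = 1.2",
    "protocol.message = " + MESSAGE,
    "application.id = confluence:1234567",
    "certificate.data = " + base64.b64encode(b"constructed key bytes").decode(),
])

class InvalidResponse(ValueError):
    """Raised when text is not a well-formed certificate response."""

def parse_certificate_response(text):
    """Validate the response text; return (application_id, key_bytes)."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition("=")  # Base64 '=' padding stays in value
        key = key.strip()
        if not sep or not key:
            raise InvalidResponse("not a key = value line: %r" % line)
        if key in fields:  # a repeated key could mask the intended value
            raise InvalidResponse("duplicate field: " + key)
        fields[key] = value.strip()
    missing = [k for k in REQUIRED if not fields.get(k)]
    if missing:
        raise InvalidResponse("missing fields: " + ", ".join(missing))
    if (fields["protocol"], fields["protocol.message"]) != (PROTOCOL, MESSAGE):
        raise InvalidResponse("unexpected protocol or message type")
    major, _, minor = fields["protocol.version"].partition(".")
    if not (major.isdecimal() and minor.isdecimal()):
        raise InvalidResponse("malformed protocol.version")
    if int(major) != SUPPORTED_MAJOR:
        raise InvalidResponse("unsupported protocol version")
    try:
        key_bytes = base64.b64decode(fields["certificate.data"], validate=True)
    except binascii.Error:
        raise InvalidResponse("certificate.data is not valid Base64")
    return fields["application.id"], key_bytes
```

An HTML login or error page returned by a mistyped URL fails at the first line, so the caller can report a bad address instead of storing the text as a certificate.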
Issue Links
- is related to
  - JRASERVER-14421 Trusted Apps Initial Request Phase: Detect and report obvious classes of user input errors. (Closed)