This module seems to expect the verifier to know what the "jti" is beforehand. I understand "jti" to be primarily used as a nonce to prevent replay attacks, or keeping a revocation list. The verify step, however, seems to just check that the provided jwtid matches a specific string.
"jti" reference
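The nonce and revocation-list uses of "jti" described above need verifier-side state rather than a comparison against one known string. The following is an added example, not code from the module under discussion: `JtiStore`, `checkOnce`, `revoke` and `demo` are hypothetical names, the claims are constructed sample data, and it assumes the token's signature has already been verified and that every token carries `exp`, so the store can be pruned.

```javascript
// Added example: tracks "jti" values after signature verification has succeeded.
// JtiStore and its methods are hypothetical names, not part of any library.
class JtiStore {
  constructor() {
    this.seen = new Map();    // jti -> exp (seconds since epoch)
    this.revoked = new Map(); // jti -> exp
  }
  // Forget entries for tokens that have expired; the exp check rejects those anyway.
  prune(now) {
    for (const m of [this.seen, this.revoked]) {
      for (const [jti, exp] of m) if (exp <= now) m.delete(jti);
    }
  }
  // Revocation list: block a token that has not expired yet.
  revoke(jti, exp) { this.revoked.set(jti, exp); }
  // One-time use: the first presentation of a jti is accepted, later ones are not.
  checkOnce(claims, now) {
    this.prune(now);
    if (typeof claims.jti !== 'string' || claims.jti.length === 0) return 'missing-jti';
    if (typeof claims.exp !== 'number') return 'missing-exp';
    if (claims.exp <= now) return 'expired';
    if (this.revoked.has(claims.jti)) return 'revoked';
    if (this.seen.has(claims.jti)) return 'replayed';
    this.seen.set(claims.jti, claims.exp);
    return 'ok';
  }
}

// Constructed claims and clock values, for illustration only.
function demo() {
  const store = new JtiStore();
  const now = 1700000000;
  store.revoke('c3', now + 60);
  return [
    store.checkOnce({ jti: 'a1', exp: now + 60 }, now),      // first use
    store.checkOnce({ jti: 'a1', exp: now + 60 }, now + 5),  // same token again
    store.checkOnce({ jti: 'c3', exp: now + 60 }, now + 5),  // on the revocation list
    store.checkOnce({ exp: now + 60 }, now + 5),             // no jti at all
    store.checkOnce({ jti: 'b2', exp: now + 10 }, now + 10), // at its expiry time
    store.checkOnce({ jti: 'a1', exp: now + 60 }, now + 61), // pruned from store, still rejected
  ];
}
```

With more than one verifier instance, the two maps would have to live in a shared store with an atomic set-if-absent operation, otherwise the same token can be accepted once per instance.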