Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Make sig validation not processed in dev mode
See original GitHub issueIf a user sets the Config.env = "dev" we should disable signature validation for incoming requests on the AS and the RS. For the AS we can remove the current mechanism we use to do that and rather just assume it from the mode.
This will make it initially much easier to work with Postman as we still need to add signature support to it
Issue Analytics
- State:
- Created a year ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
How to troubleshoot app package signature errors - Win32 apps
In the Properties dialog, select the Digital Signatures tab, which also displays whether the signature can be validated. In the Signature list, ...
Read more >Disable code signature verificatio… | Apple Developer Forums
This is in a regular Terminal window, not in recovery mode. Next, go to System Preferences -> Security & Privacy -> Privacy, and...
Read more >Validating digital signatures, Adobe Acrobat
Under Categories, select Signatures. For Verification, click More. To automatically validate all signatures in a PDF when you open the document ...
Read more >Java XML Digital Signature API - Oracle Help Center
dsig.secureValidation", Boolean.TRUE);. When XML Signature secure validation mode is enabled, XML Signatures are processed more securely. Limits are set on ...
Read more >About commit signature verification - GitHub Docs
Commits and tags have the following verification statuses, depending on whether you have enabled vigilant mode. By default vigilant mode is not enabled....
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
dev-access-tokenhelps the RS skip HTTP signature validation on client-RS requests. #683 will help the AS skip HTTP signature validation on client-AS requests.@mankins This is a good approach, I was just clarifying previously that the existing mechanism (with the
dev-access-token) lives on the resource server side and not originally on the authorization server side.I can take a look at the PR later tonight, and do some own testing too.