Should compare sub in access_token and id_token to verify that it is from the same user to prevent that a user can impersonate another user.
dniel opened this issue · comments
verify both tokens, and check that the sub fields is the same in both.
dniel / traefik-forward-auth0
A backend for performing forward authentication with Auth0 using the Traefik reverse proxy.