[ABCA] Implement Replay Attack Protection #200

@Awambeng

Description

This is a proxy of:

Add replay protection required by spec to prevent reuse of PoP JWTs or challenges.

Potential considerations

  • Implement jti tracking for PoP JWTs using a sliding window
  • Ensure jti cannot be reused for the same client instance
  • Implement efficient storage (map, LRU, or Trie/Patricia Trie if justified)
  • Detect challenge reuse
  • Enforce expiration of replay entries
  • Integrate verification into authenticator + challenge endpoint

estimated time: 3–4 days
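The considerations above describe a small amount of state: a per-client set of seen `jti` values that ages out with a sliding window, and a store of one-time challenges that can be consumed exactly once. The block below is an added example of that logic, not ABCA project code. It assumes the PoP JWT's signature has already been verified and its claims are available as a dict carrying `jti`, `iat`, `exp` and a client-instance identifier; the claim name `cid` for that identifier, the window and TTL values, and the constructed client and token ids are all assumptions for illustration.

```python
"""Replay protection for PoP JWTs and one-time challenges.

Added example, not ABCA project code. Assumes the PoP JWT signature has
already been verified and its claims are a dict with `jti`, `iat`, `exp`
and a client-instance claim named `cid` (the `cid` name is an assumption).
"""
import secrets
import time
from collections import OrderedDict

WINDOW_SECONDS = 300   # sliding window: a token's iat may be at most this old
CLOCK_SKEW = 30        # tolerance for an iat slightly in the future
CHALLENGE_TTL = 60     # how long an issued challenge stays valid


class FakeClock:
    """Deterministic clock so expiry can be exercised without sleeping."""
    def __init__(self, t):
        self.t = t

    def __call__(self):
        return self.t


class ReplayCache:
    """Remembers (client_id, jti) pairs for as long as they could be presented.

    Entries are kept in insertion order with expiry = insertion time + window,
    so expired entries are always at the front and purging stops at the first
    live one. When the cache is full, the oldest live entry is evicted (the
    LRU-style bound the issue suggests); see the note below on that trade-off.
    """

    def __init__(self, window=WINDOW_SECONDS, max_entries=10_000, now=time.time):
        self._seen = OrderedDict()   # (client_id, jti) -> expires_at
        self.window = window
        self._max = max_entries
        self.now = now               # injectable clock

    def _purge(self):
        now = self.now()
        while self._seen:
            _, expires_at = next(iter(self._seen.items()))
            if expires_at > now:
                break
            self._seen.popitem(last=False)

    def check_and_record(self, client_id, jti):
        """True if (client_id, jti) is unseen (and records it); False on replay."""
        self._purge()
        key = (client_id, jti)
        if key in self._seen:
            return False
        self._seen[key] = self.now() + self.window
        if len(self._seen) > self._max:
            self._seen.popitem(last=False)   # bounded memory: drop oldest
        return True


def verify_pop_claims(claims, cache):
    """Freshness and replay checks on already-signature-verified PoP claims."""
    for name in ("jti", "iat", "exp", "cid"):
        if name not in claims:
            return False, f"missing claim {name}"
    now = cache.now()
    if claims["exp"] <= now:
        return False, "token expired"
    if claims["iat"] > now + CLOCK_SKEW:
        return False, "iat in the future"
    if claims["iat"] < now - cache.window:
        return False, "iat outside replay window"
    # jti uniqueness is scoped to the client instance, as the issue requires
    if not cache.check_and_record(claims["cid"], str(claims["jti"])):
        return False, "replayed jti"
    return True, "ok"


class ChallengeStore:
    """One-time challenges: each issued nonce can be consumed exactly once."""

    def __init__(self, ttl=CHALLENGE_TTL, now=time.time):
        self._pending = {}           # nonce -> (client_id, expires_at)
        self._ttl = ttl
        self.now = now

    def issue(self, client_id):
        nonce = secrets.token_urlsafe(32)   # 256 bits of randomness
        self._pending[nonce] = (client_id, self.now() + self._ttl)
        return nonce

    def consume(self, client_id, nonce):
        """Remove the nonce first, so a second presentation always fails."""
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False, "unknown or already used challenge"
        bound_client, expires_at = entry
        if expires_at <= self.now():
            return False, "challenge expired"
        if bound_client != client_id:
            return False, "challenge bound to another client"
        return True, "ok"

    def purge(self):
        """Drop challenges that were issued but never consumed."""
        now = self.now()
        for nonce in [n for n, (_, exp) in self._pending.items() if exp <= now]:
            del self._pending[nonce]
```

Two design points worth calling out. The replay cache only needs to remember a `jti` for as long as a token carrying it would still pass the `iat` freshness check, which is why storing `now + window` and rejecting old `iat` values together give a complete sliding window. Evicting the oldest live entry when the cache is full keeps memory bounded but means an evicted `jti` could be presented again inside the window; a deployment that prefers to fail closed would reject new tokens instead when the cache is full.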
