oltu-dev mailing list archives

From "Antonio Sanso (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OLTU-201) Issue in JWS validation
Date Wed, 27 Jul 2016 12:53:20 GMT
Antonio Sanso created OLTU-201:

             Summary: Issue in JWS validation 
                 Key: OLTU-201
                 URL: https://issues.apache.org/jira/browse/OLTU-201
             Project: Apache Oltu
          Issue Type: Bug
          Components: JWT
            Reporter: Antonio Sanso
            Assignee: Antonio Sanso

The JWS validation is currently broken.

The validation fails in certain cases even if the JWT is valid.
The problem is due to some JSON reordering on reconstructing the JWS to validate.
E.g. if the header of the JWS is 

 {"kid":"bilbo.baggins@hobbiton.example", "alg":"RS256"}

the validation algorithm reconstructs the JWS upon validation as

 { "alg":"RS256", "kid":"bilbo.baggins@hobbiton.example"}

and consequently the signature would not match any longer.

This message was sent by Atlassian JIRA
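
The failure described in this report, reproduced as an added example (not code from Apache Oltu or from the reporter): an RS256 signature checked once over a re-serialized header and once over the segments exactly as received, which is the signing input RFC 7515 defines. The class name, the payload and the throwaway RSA key are constructed for the demo; only JDK classes are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class JwsSigningInputDemo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) {
        return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    static byte[] sign(PrivateKey key, String signingInput) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return s.sign();
    }

    static boolean verify(PublicKey key, String signingInput, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key, constructed for the demo

        // Header exactly as the issuer serialized it (member order taken from the report).
        String header = "{\"kid\":\"bilbo.baggins@hobbiton.example\", \"alg\":\"RS256\"}";
        String payload = "{\"sub\":\"demo\"}"; // constructed sample claims
        String signingInput = b64(header) + "." + b64(payload);
        String token = signingInput + "." + B64.encodeToString(sign(kp.getPrivate(), signingInput));

        String[] parts = token.split("\\.");
        byte[] sig = Base64.getUrlDecoder().decode(parts[2]);

        // Broken approach: parse the header, re-serialize it (member order changes), re-encode.
        String reordered = "{ \"alg\":\"RS256\", \"kid\":\"bilbo.baggins@hobbiton.example\"}";
        boolean rebuilt = verify(kp.getPublic(), b64(reordered) + "." + parts[1], sig);

        // Order-independent approach: verify over the received segments, byte for byte.
        boolean asReceived = verify(kp.getPublic(), parts[0] + "." + parts[1], sig);

        System.out.println("verify over rebuilt header:    " + rebuilt);
        System.out.println("verify over received segments: " + asReceived);
    }
}
```

The two headers are the same JSON object, but their base64url encodings differ, so only the check over the received segments matches the signature.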
