Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Currently SignatureMethod doesn't take in consideration the header for calculate verifying the signature.
As per spec the input for the signature is:
WS Signing Input
ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' ||
BASE64URL(JWS Payload))