Description
Signature validation fails due to a bug in JWS.java. The validate method fails in some cases because the elements of the header and payload are constructed back (see below) in a sorted order, which could be different from the original order in which the token was sent by the authorization server.
I was able to validate the signature by doing the validation outside of this method/class by storing the actual encoded header, payload and using them. Can this be addressed?
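// header and payload are re-serialized and re-encoded here instead of using the segments as received
return method.verify(signature,
                     TokenDecoder.base64Encode(new JWSHeaderWriter().write(header)),
                     TokenDecoder.base64Encode(payload), verifyingKey);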
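
The workaround described above, as an added example that is not the reporter's or the project's code: a JWS signature covers the exact encoded header and payload segments as received, so verification must use those bytes rather than a re-serialized copy. It assumes HS256 and uses only the JDK; the class name `RawSegmentJwsCheck`, the key and the token are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class RawSegmentJwsCheck {  // hypothetical class name
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    static byte[] hs256(String signingInput, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Verify over the header and payload segments exactly as they arrived.
    static boolean verifyRaw(String token, byte[] key) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3) return false;
        byte[] sig;
        try { sig = Base64.getUrlDecoder().decode(p[2]); }
        catch (IllegalArgumentException e) { return false; }  // malformed signature segment
        return MessageDigest.isEqual(hs256(p[0] + "." + p[1], key), sig);  // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-a-secret".getBytes(StandardCharsets.UTF_8);
        // Constructed token: the issuer wrote "typ" before "alg" and "sub" before "iss".
        String input = b64("{\"typ\":\"JWT\",\"alg\":\"HS256\"}") + "."
                     + b64("{\"sub\":\"alice\",\"iss\":\"https://as.example\"}");
        String token = input + "." + B64.encodeToString(hs256(input, key));

        // Same claims rebuilt with sorted keys, as a parse-then-rewrite step would produce.
        String rebuilt = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "."
                       + b64("{\"iss\":\"https://as.example\",\"sub\":\"alice\"}");
        byte[] sig = Base64.getUrlDecoder().decode(token.split("\\.")[2]);
        boolean rebuiltOk = MessageDigest.isEqual(hs256(rebuilt, key), sig);

        System.out.println("raw segments verify:     " + verifyRaw(token, key));
        System.out.println("rebuilt segments verify: " + rebuiltOk);
    }
}
```

A valid token is rejected on the rebuilt path only because the bytes changed; the claims themselves are identical.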