  1. Apache Oltu
  2. OLTU-201

Issue in JWS validation


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: jose-1.0.1
    • Component/s: JWT
    • Labels:
      None

      Description

      The JWS validation is currently broken.

      The validation fails in certain cases even if the JWT is valid.
      The problem is due to some JSON reordering when reconstructing the JWS to validate.
      E.g. if the header of the JWS is

       {"kid":"bilbo.baggins@hobbiton.example", "alg":"RS256"}

      the validation algorithm reconstructs the JWS upon validation as

       { "alg":"RS256", "kid":"bilbo.baggins@hobbiton.example"}

      and consequently the signature no longer matches.
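
The failure described above can be reproduced with the standard library alone. This is an added example, not Oltu's code: HS256 stands in for the issue's RS256 so no RSA library is needed, sorted-key re-serialization simulates the reordering, and the key, payload and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed secret, for this example only


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str) -> str:
    mac = hmac.new(KEY, signing_input.encode("ascii"), hashlib.sha256).digest()
    return b64url(mac)


def issue(header_json: str, payload_json: str) -> str:
    # The signer signs the exact bytes it serialized, whatever the key order.
    signing_input = b64url(header_json.encode()) + "." + b64url(payload_json.encode())
    return signing_input + "." + sign(signing_input)


def verify_reserialized(token: str) -> bool:
    """Behaviour described in the issue: rebuild the header from parsed JSON."""
    header_b64, payload_b64, sig = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    rebuilt = json.dumps(header, sort_keys=True, separators=(",", ":"))
    signing_input = b64url(rebuilt.encode()) + "." + payload_b64
    return hmac.compare_digest(sign(signing_input), sig)


def verify_as_received(token: str) -> bool:
    """Verify over the base64url segments exactly as they arrived."""
    header_b64, payload_b64, sig = token.split(".")
    header = json.loads(b64url_decode(header_b64))  # parsed only to read fields
    if header.get("alg") != "HS256":  # pin the expected algorithm
        return False
    return hmac.compare_digest(sign(header_b64 + "." + payload_b64), sig)


# Constructed token: the header from the issue, with alg changed to HS256.
TOKEN = issue('{"kid":"bilbo.baggins@hobbiton.example", "alg":"HS256"}', '{"sub":"demo"}')
```

A token whose header already happens to be in the re-serialized form passes both verifiers, which is why the failure only shows up "in certain cases".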

            People

            • Assignee:
              asanso Antonio Sanso
              Reporter:
              asanso Antonio Sanso