[
https://issues.apache.org/jira/browse/OLTU-201?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Antonio Sanso resolved OLTU-201.
--------------------------------
Resolution: Fixed
Fix Version/s: jose-1.0.1
fixed in rev. r1754770
> Issue in JWS validation
> ------------------------
>
> Key: OLTU-201
> URL: https://issues.apache.org/jira/browse/OLTU-201
> Project: Apache Oltu
> Issue Type: Bug
> Components: JWT
> Reporter: Antonio Sanso
> Assignee: Antonio Sanso
> Fix For: jose-1.0.1
>
>
> The JWS validation is currently broken.
> The validation fails in certain cases even if the jwt is valid.
> The problem is due to some json reordering on reconstructing the jws to
> validate.
> E.g. if the header of the JWS is
> {code}
> {"kid":"[email protected]", "alg":"RS256"}
> {code}
> the validation algorithm reconstruct the jws upon validation as
> {code}
> { "alg":"RS256", "kid":"[email protected]"}
> {code}
> and consequently the signature would not match any longer
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
