[ https://issues.apache.org/jira/browse/OLTU-201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15395621#comment-15395621 ]
Antonio Sanso commented on OLTU-201:
------------------------------------
Added a unit test that shows the issue (disabled for now).
> Issue in JWS validation
> ------------------------
>
> Key: OLTU-201
> URL: https://issues.apache.org/jira/browse/OLTU-201
> Project: Apache Oltu
> Issue Type: Bug
> Components: JWT
> Reporter: Antonio Sanso
> Assignee: Antonio Sanso
>
> The JWS validation is currently broken.
> The validation fails in certain cases even if the JWT is valid.
> The problem is due to some JSON reordering on reconstructing the JWS to
> validate.
> E.g. if the header of the JWS is
> {code}
> {"kid":"[email protected]", "alg":"RS256"}
> {code}
> the validation algorithm reconstructs the JWS upon validation as
> {code}
> { "alg":"RS256", "kid":"[email protected]"}
> {code}
> and consequently the signature would no longer match.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
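
The failure described in the issue, reproduced as an added example that is not part of the original message and is not Oltu's code. It assumes HS256 with Python's standard-library HMAC in place of the RS256 from the report (the byte-level problem is the same for any JWS algorithm); the key, header values and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample key, not from the issue

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    mac = hmac.new(KEY, signing_input.encode("ascii"), hashlib.sha256)
    return b64url(mac.digest())

def make_token(header_json: str, payload_json: str) -> str:
    # The issuer signs the exact bytes it serialized, in whatever key order.
    signing_input = b64url(header_json.encode()) + "." + b64url(payload_json.encode())
    return signing_input + "." + sign(signing_input)

def reserialize(segment: str) -> str:
    # Parse and re-emit the JSON; key order and whitespace may change.
    obj = json.loads(b64url_decode(segment))
    return b64url(json.dumps(obj, sort_keys=True, separators=(",", ":")).encode())

def verify_reserialized(token: str) -> bool:
    """Broken approach: rebuild the signing input from parsed JSON."""
    h, p, sig = token.split(".")
    rebuilt = reserialize(h) + "." + reserialize(p)
    return hmac.compare_digest(sign(rebuilt), sig)

def verify_original_bytes(token: str) -> bool:
    """Correct approach: the signing input is the first two segments as received."""
    h, p, sig = token.split(".")
    return hmac.compare_digest(sign(h + "." + p), sig)

# Constructed tokens: same claims, header keys in two different orders.
PAYLOAD = '{"sub":"alice"}'
KID_FIRST = make_token('{"kid":"key-1", "alg":"HS256"}', PAYLOAD)
ALG_FIRST = make_token('{"alg":"HS256","kid":"key-1"}', PAYLOAD)

if __name__ == "__main__":
    for name, tok in (("kid first", KID_FIRST), ("alg first", ALG_FIRST)):
        print(name, "reserialized:", verify_reserialized(tok),
              "original bytes:", verify_original_bytes(tok))
```

Only the token whose header already matches the re-serializer's output passes the broken check, which is why the failure appears "in certain cases"; verifying over the received segments accepts both valid tokens.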