Aleks,

On 5/1/21 1:42 PM, Aleksandar Lazic wrote:
> # Extract the JSON Web Algorithms (JWA) from Bearer Token.
> http-request set-var(txn.jwt_algo) req.hdr(Authorization),word(1,.),ub64dec,json_query('$.alg')   if bearer_header_exist

Trusting the algorithm specified in the JWT is unsafe and a common source of security issues.

Best regards
Tim Düsterhus
