On 01.05.21 15:08, Tim Düsterhus wrote:
Aleks,

On 5/1/21 1:42 PM, Aleksandar Lazic wrote:
# Extract the JSON Web Algorithms (JWA) from Bearer Token.
http-request set-var(txn.jwt_algo) 
req.hdr(Authorization),word(1,.),ub64dec,json_query('$.alg')  if 
bearer_header_exist

Trusting the algorithm specified in the JWT is unsafe and a common source of 
security issues.

Agree. I was a bad example.

Best regards
Tim Düsterhus


Reply via email to