On 01.05.21 15:08, Tim Düsterhus wrote:
Aleks,On 5/1/21 1:42 PM, Aleksandar Lazic wrote:# Extract the JSON Web Algorithms (JWA) from Bearer Token. http-request set-var(txn.jwt_algo) req.hdr(Authorization),word(1,.),ub64dec,json_query('$.alg') if bearer_header_existTrusting the algorithm specified in the JWT is unsafe and a common source of security issues.
Agree. I was a bad example.
Best regards Tim Düsterhus

