> On Feb. 20, 2017, 8:36 a.m., Greg Mann wrote:
> > Regarding the description: I'm curious how exactly the current
> > implementation isn't compliant with RFCs 7515/7519? The one thing I noticed
> > was the lack of support for the 'crit' header parameter.
>
> Jan Schlicht wrote:
>     There isn't support for `alg=none` and it is strongly recommended to also
>     support `alg=RS256`. Standard claims aren't validated, though it's up to the
>     specific applications to specify which of these claims are mandatory; it
>     would make sense to validate them as part of a general-purpose JWT
>     implementation. Decoded JSON isn't tested for line breaks, whitespaces,
>     correct UTF-8 encoding.

Sorry, I've read the RFC wrong: We don't have to test the JSON for line breaks, but the base64. I'll add support for `alg=none` and the `crit` header.


- Jan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56667/#review166057
-----------------------------------------------------------


On Feb. 22, 2017, 3:26 p.m., Jan Schlicht wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56667/
> -----------------------------------------------------------
>
> (Updated Feb. 22, 2017, 3:26 p.m.)
>
>
> Review request for mesos and Greg Mann.
>
>
> Bugs: MESOS-7001
>     https://issues.apache.org/jira/browse/MESOS-7001
>
>
> Repository: mesos
>
>
> Description
> -------
>
> JSON Web Tokens can be used to create claim-based access tokens and is
> typically used for HTTP authentication.
> This implementation is intended for internal use, e.g. Mesos is supposed
> to only parse tokens that it also created. It doesn't fully comply with
> RFC 7519. Currently the only supported cryptographic algorithm is HMAC
> with SHA-256.
>
>
> Diffs
> -----
>
>   3rdparty/libprocess/Makefile.am 75386184108214e67a58c328258ec204099d638c
>   3rdparty/libprocess/include/process/jwt.hpp PRE-CREATION
>   3rdparty/libprocess/src/jwt.cpp PRE-CREATION
>   3rdparty/libprocess/src/tests/jwt_tests.cpp PRE-CREATION
>
> Diff: https://reviews.apache.org/r/56667/diff/
>
>
> Testing
> -------
>
> make check
>
>
> Thanks,
>
> Jan Schlicht
>
>
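
The checks discussed in this thread (strict base64url segments, the `crit` header, `alg=none`, HMAC with SHA-256), sketched as an added example in Python; this is not the libprocess C++ code under review. All function names, the `allow_unsecured` opt-in and the `understood_crit` parameter are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, re

# RFC 7515 compact segments: unpadded base64url, no whitespace or line breaks.
B64URL = re.compile(r"[A-Za-z0-9_-]*")

class JWTError(ValueError):
    """Raised for any token this sketch refuses to accept."""

def b64url_decode(seg):
    # urlsafe_b64decode silently skips foreign characters, so validate first.
    if not B64URL.fullmatch(seg) or len(seg) % 4 == 1:
        raise JWTError("segment is not unpadded base64url")
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def mac(secret, signing_input):
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_hs256(claims, secret, extra_header=None):
    header = {"alg": "HS256", "typ": "JWT", **(extra_header or {})}
    parts = [b64url_encode(json.dumps(x, separators=(",", ":")).encode())
             for x in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url_encode(mac(secret, signing_input))

def verify(token, secret, allow_unsecured=False, understood_crit=frozenset()):
    parts = token.split(".")
    if len(parts) != 3:
        raise JWTError("expected three dot-separated segments")
    try:
        header, claims = (json.loads(b64url_decode(p).decode("utf-8"))
                          for p in parts[:2])
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise JWTError("header or payload is not UTF-8 JSON") from exc
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise JWTError("header and claims must be JSON objects")
    # 'crit': non-empty list of names that are present and understood.
    crit = header.get("crit")
    if "crit" in header and not (isinstance(crit, list) and crit and all(
            isinstance(n, str) and n in understood_crit and n in header
            for n in crit)):
        raise JWTError("malformed or unsupported 'crit' header")
    if header.get("alg") == "none":
        # Unsecured JWT: only on explicit opt-in, and the signature is empty.
        if not allow_unsecured or parts[2]:
            raise JWTError("unsecured JWT rejected")
        return claims
    if header.get("alg") != "HS256":
        raise JWTError("unsupported alg")
    if not hmac.compare_digest(mac(secret, parts[0] + "." + parts[1]),
                               b64url_decode(parts[2])):
        raise JWTError("signature mismatch")
    return claims
```
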
