Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Perform Algorithm Verification #63

Merged
merged 6 commits into from
Nov 1, 2022
Merged

Perform Algorithm Verification #63

merged 6 commits into from
Nov 1, 2022

Conversation

MicahParks
Copy link
Owner

The purpose of this PR is to confirm the JWK uses the same algorithm as what's in the JWT header before passing the JWK's public key for signature verification.

Related issue: #62

@MicahParks MicahParks marked this pull request as ready for review October 31, 2022 21:24
@MicahParks MicahParks mentioned this pull request Oct 31, 2022
Closed
sermojohn
sermojohn approved these changes Nov 1, 2022
View reviewed changes
Copy link

@sermojohn sermojohn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks for the prompt analysis and implementation!

As a note, when the JWKs are missing the algorithm attribute, this check will be disabled. This note could be added to the README, although I understand its possible to get outdated.

@MicahParks MicahParks merged commit 5a2fb27 into master Nov 1, 2022
@MicahParks MicahParks deleted the alg_check branch November 1, 2022 13:47
@sermojohn
Copy link

g8 job, thanks a lot!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sermojohn sermojohn sermojohn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@MicahParks @sermojohn