Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tool Accepts invalid public keys #46

Open
madaster97 opened this issue Jul 18, 2023 · 1 comment
Open

Tool Accepts invalid public keys #46

madaster97 opened this issue Jul 18, 2023 · 1 comment

Comments

@madaster97
Copy link

madaster97 commented Jul 18, 2023

Hi there,

If you format a JWK in a slightly incorrect way, this tool will still count it as valid. I think this is fundamentally an issue with rsasignjs, so I submitted a bug report there. I even tried the latest version of that library and the issue was still there, so bumping version wouldn't help.

This caused some headaches for my company, which uses this tool for troubleshooting. The behavior of this doesn't tool line up with the software we use that validates JWTs we receive (Microsoft crypto libraries).

@davidgtonge
Copy link
Owner

Thanks, I need to update this to use jose library, I'll get around to it at some point

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants