Jwt.JWT allows parsing tokens with json serialization #342

Open
simo5 opened this issue Feb 20, 2024 · 0 comments

simo5 commented Feb 20, 2024

According to RFC 7519 only the compact serialization can be used for a proper JWT token.
Jwcrypto accepts any JWS/JWE token for parsing.

While this is not a problem per se, people may want to reject even the ability to parse a non-compact serialization to reduce potential attack surface.

Provide a "strict" or "serialization" option when instantiating a JWT so that this aspect can be controlled.
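
As an added illustration of the restriction requested above (not jwcrypto code and not part of the original issue), a caller-side pre-check can refuse anything that is not a compact serialization before the token reaches a JWT parser. The names `require_compact` and `NotCompactSerialization` and the sample tokens are assumptions constructed for this example.

```python
import base64
import binascii
import json
import re

# Unpadded base64url alphabet; an empty segment is legal in some positions.
_B64URL = re.compile(r"[A-Za-z0-9_-]*")


class NotCompactSerialization(ValueError):
    """Raised when a token is not a JWS/JWE compact serialization."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def require_compact(token) -> str:
    """Return 'JWS' or 'JWE' for a compact token, raise otherwise."""
    if not isinstance(token, str):
        raise NotCompactSerialization("token must be a string")
    parts = token.split(".")
    if len(parts) not in (3, 5):
        raise NotCompactSerialization("expected 3 or 5 dot-separated segments")
    # fullmatch also rejects JSON punctuation, whitespace and '=' padding.
    if not all(_B64URL.fullmatch(p) for p in parts):
        raise NotCompactSerialization("segment is not unpadded base64url")
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, binascii.Error) as exc:
        raise NotCompactSerialization("protected header is not JSON") from exc
    if not isinstance(header, dict):
        raise NotCompactSerialization("protected header is not a JSON object")
    return "JWS" if len(parts) == 3 else "JWE"


# Constructed samples: the signature bytes are dummy values, not a real MAC.
_HDR = _b64url(b'{"alg":"HS256"}')
_PAY = _b64url(b'{"sub":"alice"}')
_SIG = _b64url(b"constructed-signature")
COMPACT = ".".join([_HDR, _PAY, _SIG])
JSON_FLAT = json.dumps({"protected": _HDR, "payload": _PAY, "signature": _SIG})
```

The check only establishes the serialization form; signature verification and claim validation still belong to the JWT library that receives the token afterwards.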
