
Fix jwt bearer auth

@mduesterhoeft mduesterhoeft released this 28 Mar 12:44
· 104 commits to master since this release
Loosen isJWT check. (#93)

Previously added logic for checking if a token is JWT is too strict. According
to spec: https://tools.ietf.org/html/rfc7519#section-5.1 `typ` header isn't even
required, and its value may not be "JWT". `alg` on the other hand is more
commonly used. So checking its existence is much more reliable.
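
The difference between the two checks, as an added example that is not the project's own code: `is_jwt_strict` is an assumed form of the earlier check (requires `typ` to equal "JWT"), `is_jwt_loose` only requires a string `alg` header. All function names, the three-segment token shape and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json


def b64url_json(segment):
    """Decode a base64url segment into a JSON object; None if it is not one."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return value if isinstance(value, dict) else None


def jose_header(token):
    """Header of a three-segment compact token, or None (assumed token shape)."""
    parts = token.split(".")
    return b64url_json(parts[0]) if len(parts) == 3 else None


def is_jwt_strict(token):
    """Assumed form of the earlier, too-strict check: requires typ == "JWT"."""
    header = jose_header(token)
    return header is not None and header.get("typ") == "JWT"


def is_jwt_loose(token):
    """Loosened check: only requires a string `alg` header parameter."""
    header = jose_header(token)
    return header is not None and isinstance(header.get("alg"), str)


def make_token(header):
    """Build a constructed sample token; payload and signature are dummies."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(header), enc({"sub": "demo"}), "c2ln"])


SAMPLES = {  # constructed inputs, not taken from the project
    "typ_and_alg": make_token({"typ": "JWT", "alg": "HS256"}),
    "alg_only": make_token({"alg": "RS256"}),
    "other_typ": make_token({"typ": "at+jwt", "alg": "ES256"}),
    "opaque": "2YotnFZFEjr1zCsicMWpAA",
    "not_json": "abc.def.ghi",
}

if __name__ == "__main__":
    for name, tok in SAMPLES.items():
        print(f"{name:12} strict={is_jwt_strict(tok)} loose={is_jwt_loose(tok)}")
```

Both functions only classify the token format; a header that carries `alg` says nothing about whether the signature is valid.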