This repository has been archived by the owner on Jul 9, 2021. It is now read-only.

JWT signature is always verified #10

Open
nbarbettini opened this issue May 23, 2016 · 1 comment

nbarbettini commented May 23, 2016

If I paste this JWT into the site:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJURVNUIiwianRpIjoiZjU4NDhiMDMtNWE0Zi00OGEzLTliN2UtNzgzNTk0ZWM0NmQ2IiwiaWF0IjoxNDY0MDQ0NzIzLCJuYmYiOjE0NjQwNDQ3MjMsImV4cCI6MTQ2NDA0NTAyMywiaXNzIjoiRXhhbXBsZUlzc3VlciIsImF1ZCI6IkV4YW1wbGVBdWRpZW5jZSJ9.x71rScjuEBI1Q1gkLjh1wpaApnz2_m6OoAvOCLuqn0o

The signature panel will always say "Verified", even if I type garbage into the text box. The actual signing key is "mysupersecret_secretkey!123".

@nbarbettini

On a second look, I think that the signature verification isn't working for expired JWTs.
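The distinction this thread turns on, as an added example that is not part of the original issue or the project's code: an HS256 signature depends only on the key and the two signed segments, so an inspector can report signature validity separately from `exp`/`nbf`. The key, the sample token and all function names below are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def sign_hs256(claims, key):
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"


def inspect_jwt(token, key, now=None):
    """Report signature validity and time-claim validity as separate results."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now

    # Signature check uses only the key and the two signed segments, never exp/nbf.
    signature_valid = False
    if header.get("alg") == "HS256":  # any other alg, including "none", is rejected
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        signature_valid = hmac.compare_digest(expected, b64url_decode(sig_b64))

    return {
        "signature_valid": signature_valid,
        "expired": "exp" in claims and now >= claims["exp"],
        "not_yet_valid": "nbf" in claims and now < claims["nbf"],
    }


# Constructed sample: a token that expired long ago, checked with two keys.
SAMPLE_KEY = b"constructed-demo-key"
EXPIRED = sign_hs256({"sub": "TEST", "nbf": 1000, "exp": 1300}, SAMPLE_KEY)
print(inspect_jwt(EXPIRED, SAMPLE_KEY, now=2000))  # right key, expired token
print(inspect_jwt(EXPIRED, b"garbage", now=2000))  # wrong key, expired token
```

A consumer that authorizes requests must require `signature_valid` and reject `expired` or `not_yet_valid`; an inspection tool can show the three fields side by side.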
