This repository has been archived by the owner on Jul 9, 2021. It is now read-only.

JWT signature is always verified #10

Open

nbarbettini opened this issue May 23, 2016 · 1 comment

Labels

bug

Member

nbarbettini commented May 23, 2016 •

edited

Loading

If I paste this JWT into the site:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJURVNUIiwianRpIjoiZjU4NDhiMDMtNWE0Zi00OGEzLTliN2UtNzgzNTk0ZWM0NmQ2IiwiaWF0IjoxNDY0MDQ0NzIzLCJuYmYiOjE0NjQwNDQ3MjMsImV4cCI6MTQ2NDA0NTAyMywiaXNzIjoiRXhhbXBsZUlzc3VlciIsImF1ZCI6IkV4YW1wbGVBdWRpZW5jZSJ9.x71rScjuEBI1Q1gkLjh1wpaApnz2_m6OoAvOCLuqn0o

The signature panel will always say "Verified", even if I type garbage into the text box. The actual signing key is "mysupersecret_secretkey!123".

The text was updated successfully, but these errors were encountered:

nbarbettini added the bug label

Member Author

nbarbettini commented May 23, 2016

On a second look, I think that the signature verification isn't working for expired JWTs.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.