-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
jws: Add expected algorithms for signatures #74
Conversation
Could you provide a migration guide when upgrading from v3, I have a call like
Now I need to know what algorithm the encodedJwt is using, but I don't necessarily know what it is or what to expect. |
The full list of algorithims supported is: Lines 106 to 118 in 696da50
What algorithms you want to support depends on your use-case. This parameter was added because it is often unsafe to blindly accept any algorithm. |
Would it be possible to add a helper function |
We'd rather not, as that's generally not a safe behaviour if we added new unexpected algorithms, and would potentially be a silent breaking change if we ever removed algorithms. |
What is the system that produces the JWTs you're parsing? If it's a system you control, you can look at the source code and see what algorithm it uses to sign its output. If it's not a system you control, it should document the algorithms it uses, and you can use that documentation. And if there's no documentation of that, there's a good reason to file an enhancement request. 😄 |
Following the example of #69