New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HS encryption algorithm problem [Using 0.11.5 and SecretKey for signWith and setSigningKey] #754
Comments
The signature is only validated on parsing, i.e. when At first glance, your code looks a little different: you call Were you able to see what the issue was? |
Hi, sorry that I forgot to mention the problem in my question; same as the issue I mentioned, I tried using different key for parsing but it doesn't throw an error. (What you see is correct. |
I'd have to see the keys (or an example that re-creates with a similar setup). Is it possible that your keys are Base64-encoded before turning them into For example, this is discussed in the referenced issue: https://github.com/jwtk/jjwt#base64-security especially: |
Closing due to inactivity from the OP. Happy to re-open if necessary, please advise. |
Hi there,
I found #749, which is the same issue with mine, and read the comment too.
But I'm already using 0.11.5 version and SecretKey (not String) for the encoding(signWith) and decoding(setSigningKey).
Does Jwts.parser().setSigningKey(key) not validate the signature? Am I missing something?
The text was updated successfully, but these errors were encountered: