Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JOSE.JWE.block_decrypt: allow specifying alg and enc like for verify_strict #84

Open
tanguilp opened this issue Feb 17, 2020 · 0 comments
Open

JOSE.JWE.block_decrypt: allow specifying alg and enc like for verify_strict #84

tanguilp opened this issue Feb 17, 2020 · 0 comments
Labels
enhancement
Milestone
jose 1.12.0

Comments

@tanguilp
Copy link

As per JSON Web Token Best Current Practices - section 3.1, JWE decryption should allow specifying alg and enc like for JWS signature verification.

Not sure what is the security threat here, and if the same problems we saw with JWS can appear.
@potatosalad potatosalad added this to the jose 1.12.0 milestone Sep 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
jose 1.12.x
Status: To do
Milestone
jose 1.12.0
Development

No branches or pull requests
2 participants
@potatosalad @tanguilp