You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Filter the set of collected keys. For instance, some
applications will use only keys referenced by "kid" (key ID) or
"x5t" (X.509 certificate SHA-1 thumbprint) parameters. If the
application uses the "alg" (algorithm), "use" (public key use),
or "key_ops" (key operations) parameters, keys with keys with
inappropriate values of those parameters would be excluded.
Additionally, keys might be filtered to include or exclude keys
with certain other member values in an application specific
manner. For some applications, no filtering will be applied.
Emphasis mine, I guess the code is correct but wanted to keep record of this.
The text was updated successfully, but these errors were encountered:
As can be seen here,
we require a JWT key with a
use=sigproperty. Test caseThis is probably correct, but perhaps we could add a flag to ignore this validation, since, if the signature is valid..
However, according to JWS Appendix D:
Emphasis mine, I guess the code is correct but wanted to keep record of this.
The text was updated successfully, but these errors were encountered: