There are/can be scenarios where there are UCAN tokens that are almost valid (validish), and can be reasonably interpreted as such. Canonicalization of these tokens (x = serialize(deserialize(x))) is at odds with encoding valid tokens and being lenient in what we parse.
Examples of validish tokens:
An unexpected field, either irrelevant or from a different implementation or spec/version flux
An empty value for an optional field "prf": [] (which "MUST be omitted")
exp, re-encoded as "exp": null (feat: Allow nullable expiry per 0.9.0 spec. Fixes #23 #95 currently will trigger this scenario if given a validish token without extra handling)
Some options forward:
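The round trip described in this issue, as an added example that is not part of the original issue or any UCAN library's code: a verifier that checks the signature over its own re-encoding, rather than over the bytes it received, rejects each validish token. The typed model, the canonical encoder rules, the sample payloads and the HMAC stand-in for the signature are assumptions made for the demonstration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for the real signature
HEADER = {"alg": "HS256", "typ": "JWT"}  # constructed header for the demo

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def to_json(obj):
    return json.dumps(obj, separators=(",", ":")).encode()

def sign(signing_input):
    return b64u(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def issue(payload):
    """Build header.payload.signature exactly as the issuer wrote the payload."""
    signing_input = b64u(to_json(HEADER)) + "." + b64u(to_json(payload))
    return signing_input + "." + sign(signing_input)

def deserialize(token):
    """Lenient parse into a hypothetical typed model; unknown fields are dropped."""
    _, body, _ = token.split(".")
    raw = json.loads(b64u_dec(body))
    return {"iss": raw["iss"], "aud": raw["aud"],
            "exp": raw.get("exp"), "prf": raw.get("prf", [])}

def serialize(model):
    """Canonical encoder: nullable exp always written, empty prf omitted."""
    out = {"iss": model["iss"], "aud": model["aud"], "exp": model["exp"]}
    if model["prf"]:
        out["prf"] = model["prf"]
    return b64u(to_json(HEADER)) + "." + b64u(to_json(out))

def check(payload):
    """Return (valid as received, valid after serialize(deserialize(x)))."""
    token = issue(payload)
    received_input, sig = token.rsplit(".", 1)
    as_received = hmac.compare_digest(sign(received_input), sig)
    round_tripped = hmac.compare_digest(sign(serialize(deserialize(token))), sig)
    return as_received, round_tripped

BASE = {"iss": "did:key:zIssuer", "aud": "did:key:zAudience"}  # constructed DIDs
SAMPLES = {
    "strict": {**BASE, "exp": 1700000000, "prf": ["constructed-proof"]},
    "unexpected field": {**BASE, "exp": 1700000000, "x_other": 1},
    "empty prf": {**BASE, "exp": 1700000000, "prf": []},
    "exp omitted": dict(BASE),
}
```

Only the strict sample survives the round trip; keeping the received signed segments alongside the parsed model avoids re-encoding before verification.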