When decoding a signed JWT token, the algorithm and algorithms options should be made optional. The algorithm is already present in the JWT header, which makes setting it manually redundant. Furthermore, the signing method used by an OAuth2.0/OpenID provider might be unknown to the user, which makes implementing token validation with ruby-jwt very difficult.
Current behavior:
algorithm or algorithms option is required when decoding a signed token
Desired behavior:
algorithm should be set automatically from alg in JWT header
For that purpose the method allowed_algorithms can be changed to automatically add the algorithm from JWT to allowed ones: https://github.com/jwt/ruby-jwt/blob/master/lib/jwt/decode.rb#L49
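The check this issue asks to relax, shown as an added standard-library Ruby example (not part of the original issue and not ruby-jwt's implementation): the verifier compares the header's `alg` with an allow-list fixed by the caller before any signature work. `verify_token`, `sign_token`, `DemoDecodeError` and the key are hypothetical names and constructed values, and only HMAC algorithms are covered.

```ruby
require 'openssl'
require 'json'

# Added illustration, not ruby-jwt's code. HMAC algorithms only; all names are hypothetical.
DIGESTS = { 'HS256' => 'SHA256', 'HS384' => 'SHA384', 'HS512' => 'SHA512' }.freeze
class DemoDecodeError < StandardError; end

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  text.tr('-_', '+/').unpack1('m') # lenient decode, tolerates the stripped padding
end

# Builds constructed sample tokens for the demo.
def sign_token(payload, key, alg)
  input = [{ 'alg' => alg, 'typ' => 'JWT' }, payload].map { |part| b64url_encode(JSON.generate(part)) }.join('.')
  "#{input}.#{b64url_encode(OpenSSL::HMAC.digest(DIGESTS.fetch(alg), key, input))}"
end

def verify_token(token, key, allowed_algorithms:)
  header_b64, payload_b64, sig_b64, extra = token.split('.', 4)
  raise DemoDecodeError, 'expected three segments' if sig_b64.nil? || extra
  alg = JSON.parse(b64url_decode(header_b64))['alg']
  # The header is unverified input here, so it is only compared with the
  # caller's allow-list and never used to extend it.
  unless allowed_algorithms.include?(alg) && DIGESTS.key?(alg)
    raise DemoDecodeError, "algorithm #{alg.inspect} not allowed"
  end
  expected = OpenSSL::HMAC.digest(DIGESTS[alg], key, "#{header_b64}.#{payload_b64}")
  unless OpenSSL.secure_compare(expected, b64url_decode(sig_b64))
    raise DemoDecodeError, 'signature mismatch'
  end
  JSON.parse(b64url_decode(payload_b64))
end

if __FILE__ == $PROGRAM_NAME
  key = 'constructed-demo-key'
  puts verify_token(sign_token({ 'sub' => 'alice' }, key, 'HS256'), key, allowed_algorithms: ['HS256'])
  begin
    verify_token(sign_token({ 'sub' => 'alice' }, key, 'HS384'), key, allowed_algorithms: ['HS256'])
  rescue DemoDecodeError => e
    puts "rejected: #{e.message}"
  end
end
```

When a provider's signing method is not known in advance, the allow-list can be filled from the provider's published key metadata rather than from the token being checked.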