[jboss-jira] [JBoss JIRA] (WFWIP-288) JWT signed by 1024 bit long key is rejected

Wednesday, 18 December 2019

    [
https://issues.redhat.com/browse/WFWIP-288?page=com.atlassian.jira.plugin...
] 

Darran Lofthouse commented on WFWIP-288:
----------------------------------------

Additionally I have raised this issue against the MicroProfile JWT specification
https://github.com/eclipse/microprofile-jwt-auth/issues/142

[~jkasik] If you could please look at the references above, I think this one can be closed
as an issue with the spec.

...
 JWT signed by 1024 bit long key is rejected
 -------------------------------------------

                 Key: WFWIP-288
                 URL: https://issues.redhat.com/browse/WFWIP-288
             Project: WildFly WIP
          Issue Type: Bug
          Components: MP JWT
            Reporter: Jan Kasik
            Assignee: Darran Lofthouse
            Priority: Blocker

 According to MP-JWT 1.1 specification, 1024 and 2048 bit key sizes must be supported.
Though when there is JWT signed by 1024 bit long key presented to the server, it is
rejected and client receives "Unauthorized" (code 401) message.
 See chapter 9.2. Supported Public Key Formats:
 {quote}
 Support for RSA Public Keys of 1024 or 2048 bits in length is required. Other key sizes
are allowed, but should be considered vendor-specific.
 {quote} 

--
This message was sent by Atlassian Jira
(v7.13.8#713008)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-jira] [JBoss JIRA] (WFWIP-288) JWT signed by 1024 bit long key is rejected