[jboss-jira] [JBoss JIRA] (WFWIP-288) JWT signed by 1024 bit long key is rejected

Jan Kasik (Jira) issues at jboss.org
Tue Dec 17 08:39:59 EST 2019


Jan Kasik created WFWIP-288:
-------------------------------

             Summary: JWT signed by 1024 bit long key is rejected
                 Key: WFWIP-288
                 URL: https://issues.redhat.com/browse/WFWIP-288
             Project: WildFly WIP
          Issue Type: Bug
          Components: MP JWT
            Reporter: Jan Kasik
            Assignee: Darran Lofthouse


According to the MP-JWT 1.1 specification, 1024 and 2048 bit key sizes should be supported. However, when a JWT signed by a 1024 bit long key is presented to the server, it is rejected and the client receives an "Unauthorized" (code 401) message.

See chapter 9.2. Supported Public Key Formats:

{quote}
Support for RSA Public Keys of 1024 or 2048 bits in length is required. Other key sizes are allowed, but should be considered vendor-specific.
{quote}



--
This message was sent by Atlassian Jira
(v7.13.8#713008)
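
A reproduction aid for the report above, added here as an example (it is not code from the issue or from WildFly): it signs an RS256 token with a freshly generated 1024-bit RSA key and with a 2048-bit control key, confirms each signature locally, and prints the public key and token for use against a test deployment. The class name, issuer, `kid` and all claim values are constructed assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;

public class MpJwt1024Repro {
    static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    static String b64(String json) {
        return B64URL.encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    // Compact RS256 JWS: base64url(header).base64url(payload).base64url(signature)
    static String sign(String header, String payload, PrivateKey key) throws GeneralSecurityException {
        String input = b64(header) + "." + b64(payload);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + B64URL.encodeToString(s.sign());
    }

    // Local signature check, independent of any JWT library or server policy.
    static boolean verify(String jwt, PublicKey key) throws GeneralSecurityException {
        int dot = jwt.lastIndexOf('.');
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(jwt.substring(0, dot).getBytes(StandardCharsets.US_ASCII));
        return s.verify(Base64.getUrlDecoder().decode(jwt.substring(dot + 1)));
    }

    public static void main(String[] args) throws Exception {
        for (int bits : new int[] {1024, 2048}) {   // 2048 is the control case
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(bits);
            KeyPair kp = gen.generateKeyPair();
            long now = System.currentTimeMillis() / 1000;
            // Header and claim values are constructed for this example.
            String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\",\"kid\":\"test-" + bits + "\"}";
            String payload = "{\"iss\":\"https://issuer.example\",\"sub\":\"alice\",\"upn\":\"alice@example.com\","
                + "\"groups\":[\"user\"],\"jti\":\"repro-" + bits + "\",\"iat\":" + now + ",\"exp\":" + (now + 300) + "}";
            String jwt = sign(header, payload, kp.getPrivate());
            int modulusBits = ((RSAPublicKey) kp.getPublic()).getModulus().bitLength();
            System.out.println("modulus bits=" + modulusBits + " signature valid=" + verify(jwt, kp.getPublic()));
            System.out.println("-----BEGIN PUBLIC KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(kp.getPublic().getEncoded())
                + "\n-----END PUBLIC KEY-----");
            System.out.println(jwt + "\n");
        }
    }
}
```

Both tokens carry the same claims and differ only in key size, so comparing the server's response to each one isolates key length as the variable.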