[jboss-jira] [JBoss JIRA] (WFWIP-294) JWT is rejected if signature matching public key is not first in JWK set

Jan Kasik (Jira) issues at jboss.org
Thu Jan 9 03:53:40 EST 2020


Jan Kasik created WFWIP-294:
-------------------------------

             Summary: JWT is rejected if signature matching public key is not first in JWK set
                 Key: WFWIP-294
                 URL: https://issues.redhat.com/browse/WFWIP-294
             Project: WildFly WIP
          Issue Type: Bug
            Reporter: Jan Kasik
            Assignee: Kabir Khan
         Attachments: jwks.json, jwt.base64

When the public key on the remote server is configured as a JWK set, a JWT whose key ID correctly points to the matching public key in the set is rejected if the matching public key is not in the first position in the set array.

Attached is a "flawed" key set with "blue-key" placed in the first position in the array.



--
This message was sent by Atlassian Jira
(v7.13.8#713008)
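
Added illustration, not part of the original report and not WildFly's code: selecting the verification key from a JWK set by the token's "kid", beside a position-based selection that would produce the rejection reported above. The JWK set contents, the "orange-key" kid and all function names are constructed for this example; signature verification itself is left out.

```python
import base64
import json

# Constructed JWK set (not the attached jwks.json); "blue-key" is first, as in the report.
JWKS = {"keys": [
    {"kty": "RSA", "kid": "blue-key", "use": "sig", "n": "constructed-n-1", "e": "AQAB"},
    {"kty": "RSA", "kid": "orange-key", "use": "sig", "n": "constructed-n-2", "e": "AQAB"},
]}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_header(token: str) -> dict:
    """Decode the still-unverified JOSE header; it is used only to pick a key."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def first_key(jwks: dict, token: str) -> dict:
    """Position-based selection: ignores kid, so only tokens for keys[0] verify."""
    return jwks["keys"][0]

def key_for_token(jwks: dict, token: str) -> dict:
    """Select the signature key by the header's kid, wherever it sits in the set."""
    kid = jwt_header(token).get("kid")
    keys = [k for k in jwks.get("keys", []) if k.get("use", "sig") == "sig"]
    if kid is None:
        # Without a kid the choice is unambiguous only for a one-key set.
        if len(keys) == 1:
            return keys[0]
        raise LookupError("token has no kid and the set holds several keys")
    matches = [k for k in keys if k.get("kid") == kid]
    if len(matches) != 1:
        raise LookupError(f"expected one key with kid {kid!r}, found {len(matches)}")
    return matches[0]

def sample_token(kid):
    """Build a constructed, unsigned-looking token whose header carries the given kid."""
    header = {"alg": "RS256", "typ": "JWT"}
    if kid is not None:
        header["kid"] = kid
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(b'{"sub":"constructed"}'), "c2ln"])
```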