1. Nat Sakimura Avatar Nat Sakimura
  2. Untitled project
  3. oauth-jwsreq
  4. Issues

Charset should be explicitly noted (Vladimir)

Issue #13 invalid
Nat Sakimura repo owner created an issue
  1. I see that no particular charset for the resource contents referenced by the request_uri is mandated, and there is no mention that the web server should indicate the charset. I suppose this was meant to make JWT deployments / uploads easier. However, this may also lead to problems if the AS tries to validate the SHA-256 hash and doesn't know what charset was used (is anyone actually expected to be validating the fragment if present?) JWT (RFC 7519) is explicit on UTF-8 though.

Comments (2)

  1. Nat Sakimura reporter

    Actually, since the content of the request_uri MUST be a request object, which MUST be a JWT, which MUST be UTF-8, it is UTF-8.

    I can still put a note though.

  2. Nat Sakimura reporter

    I thought of adding a note, but it would really be duplicating the requirements of request object and probably redundant.

  3. Log in to comment
Assignee
Type
bug
Priority
major
Status
invalid
Votes
0
Watchers
0
Jira: the preferred issue tracker for Bitbucket. Join the team!