JWT processing not supporting JWK header

Issue #208 invalid
santosh das created an issue

While using the JWT processing API, if I try to feed a JWT having an embedded JWK in the header, the processing fails. Consider the following JWT:

         {
           "alg": "RS256",
           "jwk": "{
             "kty": "RSA",
             "alg": "RS256",
             "use": "sig",
             "kid": "8a42a8337b12b93294b24e9469e5beb0daa1be4e",
             "n": "2kAbNB3gZncsmOPzh7SyA_LUnzLnDCPvImBtrN5bSi_gbIKkvsokVLELJUD885CCisEy8HQjArx5qCTwhOSwMBhTRWmSdWPGMpD-SAlobp35xLaIVkQsz_KjIqNYqFAkXQI3BSaC1WSRPL2rA1S6y0hz6miCDL2ekvUAM0_VVQSMA61nEuzQEkj9cB9wc4kI7J1HTIvUyhzyiOpCCMXdH6GQAstydX3Ng-KOaQNE53x_jjkJ7Dv4lozqlr4iNFQe2sVrUfWliJBRTcdOGYuvNHtPpEP-5_5J0D_yA_8cC5c8ZJHJWrsJBNfP37p5c3_4UCzKaVK2VmlFJoKYM4Qnfw",
             "e": "AQAB"
           }",
           "cty": "application/json",
           "typ": "JWT",
           "ContentType": "application/json",
           "kid": "7336172b91b89894846a11a8e00a77d6",
           "custom": "value"
         }

         JWT jwt = JWTParser.parse(generatedJWT);

and generatedJWT is the same as the string described above.

The error we get is Error:Unexpected type of JSON object member with key jwk

Comments (2)

  1. Connect2id OSS

    We'll add a test to check if JSON objects are supported at the JOSE header level.

    What is the reason to have a JWK embedded inside the JWT? You do understand that having a JWT signed with a JWK embedded in the JWT cannot be verified, given the nature the key is agreed?

  2. Vladimir Dzhuvinov

    JSON objects as JOSE header parameters are supported, just make sure you inserted them as a JSON object and not some other class (e.g. JWK).

    Here is a test to demonstrate that: 6edeaf6
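
An added example, not part of the original thread and not the project's own test: it puts a public JWK into the header as a JSON object through the header builder, parses the token back, and verifies the signature only with a key the receiver already trusts, using the embedded JWK just to select that key. It assumes a recent Nimbus JOSE+JWT release that includes `RSAKeyGenerator`; the class name, key ID and claim values are constructed for illustration.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;

public class EmbeddedJwkExample {
    public static void main(String[] args) throws Exception {
        // Constructed key pair; "example-key" is a made-up key ID.
        RSAKey signingKey = new RSAKeyGenerator(2048).keyID("example-key").generate();

        // The builder serializes the public JWK as a JSON object member of the
        // header, not as a string that contains JSON text.
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .jwk(signingKey.toPublicJWK())
                .customParam("custom", "value")
                .build();

        SignedJWT signed = new SignedJWT(header,
                new JWTClaimsSet.Builder().subject("alice").build());
        signed.sign(new RSASSASigner(signingKey));
        String compact = signed.serialize();

        // Receiving side: the header parses and the embedded JWK is readable.
        SignedJWT parsed = (SignedJWT) JWTParser.parse(compact);
        JWK embedded = parsed.getHeader().getJWK();

        // Assumption: the receiver obtained this public key out of band.
        RSAKey trusted = signingKey.toPublicJWK();

        // The embedded key is attacker-controlled input. Accept the token only
        // if it names a key we already trust, then verify with the trusted copy.
        boolean known = embedded != null
                && embedded.computeThumbprint().equals(trusted.computeThumbprint());
        boolean valid = known && parsed.verify(new RSASSAVerifier(trusted));

        System.out.println("embedded JWK matches trusted key: " + known);
        System.out.println("signature valid under trusted key: " + valid);
    }
}
```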
