"Exp" field before "iat" field
Issue #317
invalid
The fact that the exp field comes before the iat field creates verification problems of the JWT .
My JWT is created with your library and has exp before iat. When signing the signature is different from th ones of other libraries (i.e. NodeJs libraries) and fields order is different.
Cristian
Comments (2)
-
-
- changed status to invalid
Fields can be in any order, canonicalization not expected.
- Log in to comment
The JWT spec doesn’t mandate any field order. Also, not all types of digital signature algorithms are deterministic.