Make sure that algorithm matches key type
Issue #33
on hold
The signing/encryption algorithms published in a JWK really do need to match the content, so we should make sure that they are matched in the JWK constructors.
Oct -> HS256, HS384, HS512 RSA -> RS256, RS384, RS512 EC -> ES256, ES384, ES512
Similar checks for encryption algs, I think?
Comments (3)
-
-
reporter Not sure we can or want to. Or at the very least, push a warning out, though I don't think the library assumes any kind of logging system.
-
- changed status to on hold
One potential solution is to define additional JWK constructors that check the algorithm, one against the std algorithm list, another against a checker interface (for custom alg cases).
JWK(..., Algorithm alg, boolean strict, ...) JWK(..., Algorithm alg, AlgorithmValidator validator, ...)
I suggest we put this issue on hold for now and come back to it if we see genuine need for such checking in future.
- Log in to comment
Makes sense, but how are we going to check and handle non-std (custom) alg arguments?