- changed status to invalid
Why must secret's length > 32?
Issue #454
invalid
I work with developer of go,but when I create jwt token,the java is error ,but i don't find this requirement in any way,can u show me? protected MACProvider(final byte[] secret, final Set<JWSAlgorithm> supportedAlgs) throws KeyLengthException {
super(supportedAlgs);
if (secret.length < 256 / 8) {
throw new KeyLengthException("The secret length must be at least 256 bits");
}
this.secret = secret;
}
Comments (1)
-
- Log in to comment
Here is an explanation:
https://datatracker.ietf.org/doc/html/rfc7518#section-3.2