- changed status to wontfix
Make "none" a valid JWS alg type
Issue #58
wontfix
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.6
Current behavior throws a ParseException when "alg" is set to "none" in the JWS Header.
Relevant points in the code:
and
Comments (3)
-
-
reporter Thank you for explaining that :)
-
Just pushed out a new release (2.18) to Maven central, it updates the library to the latest JOSE - 14/ JWT -11 drafts and also adds a two helper methods to parse headers of any type:
Header.parse(String) Header.parse(Base64URL)
Should reach Maven Central by the end of the day.
Enjoy :)
- Log in to comment
Unprotected JOSE objects are represented by the PlainObject / PlainHeader classes. The class structure of the library was designed specifically to provide a clear distinction between plain and true JWS objects.
If you want to parse a JOSE header which type you don't know in advance use the Header.parse method. You can then do an instanceof check on the result (PlainHeader / JWSHeader / JWEHeader).
Tomorrow I'll look if we could add a convenience method to parse headers from JSON strings and /or Base64URL strings (that would be a different issue).
Cheers, Vladimir