- changed status to invalid
Problem with JWT Header and alg "none"
Issue #92
invalid
Using this Library I have the problems with JWT, which is not signed. It has three parts: JWT header :{"alg":"none","typ":"JWT"}, JWT payload and empty Signature after point.
But I get this Exception in JWSObject: java.text.ParseException: Invalid JWS header: The algorithm "alg" header parameter must be for signatures
The JWT is ok so far. What should this exception say? It seems to be a bug.
Comments (1)
-
- Log in to comment
Hi Kristina,
JWSObject is reserved for JOSE objects that have true signatures. That was done intentionally to ensure plain and protected objects are type safe separated.
Please use PlainObject or PlainJWT to parse alg:none objects.