Problem with JWT Header and alg "none"

Issue #92 invalid
Kristina Sahlmann created an issue

Using this library I have problems with a JWT which is not signed. It has three parts: JWT header: {"alg":"none","typ":"JWT"}, JWT payload and an empty signature after the point.

But I get this Exception in JWSObject: java.text.ParseException: Invalid JWS header: The algorithm "alg" header parameter must be for signatures

The JWT is ok so far. What should this exception say? It seems to be a bug.

Comments (1)

  1. Vladimir Dzhuvinov

    Hi Kristina,

    JWSObject is reserved for JOSE objects that have true signatures. That was done intentionally to ensure plain and protected objects are separated in a type-safe way.

    Please use PlainObject or PlainJWT to parse alg:none objects.

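The type separation described in the comment above, as an added example that is not part of the original issue or the library's own code: an unsecured token parses as a PlainJWT, fails to parse as a SignedJWT, and a type check rejects it wherever a signature is required. It assumes a recent Nimbus JOSE+JWT release (one that has JWTClaimsSet.Builder); the class name, the requireSigned helper and the sample token are constructed for illustration.

```java
import java.text.ParseException;

import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.SignedJWT;

public class AlgNoneTypeSeparation {

    // Hypothetical helper: accept a token only if it is a signed JWT.
    // JWTParser picks the concrete type from the "alg" header, so an
    // alg:none token comes back as PlainJWT and is rejected here.
    static SignedJWT requireSigned(String token) throws ParseException {
        JWT jwt = JWTParser.parse(token);
        if (jwt instanceof SignedJWT) {
            // The caller must still call verify(...) with a trusted key.
            return (SignedJWT) jwt;
        }
        throw new ParseException(
            "Expected a signed JWT, got " + jwt.getClass().getSimpleName(), 0);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an unsecured (alg:none) JWT with one claim.
        JWTClaimsSet claims = new JWTClaimsSet.Builder().subject("alice").build();
        String unsecured = new PlainJWT(claims).serialize();

        // 1. The plain type parses it, as the maintainer recommends.
        PlainJWT plain = PlainJWT.parse(unsecured);
        System.out.println("PlainJWT alg: " + plain.getHeader().getAlgorithm());
        System.out.println("PlainJWT sub: " + plain.getJWTClaimsSet().getSubject());

        // 2. The signed type refuses it, which is the behaviour reported in the issue.
        try {
            SignedJWT.parse(unsecured);
            System.out.println("SignedJWT.parse unexpectedly succeeded");
        } catch (ParseException e) {
            System.out.println("SignedJWT.parse rejected: " + e.getMessage());
        }

        // 3. Code that requires a signature rejects the token by type.
        try {
            requireSigned(unsecured);
        } catch (ParseException e) {
            System.out.println("requireSigned rejected: " + e.getMessage());
        }
    }
}
```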