You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to the rfc7515 the result of hash function(signature) should not be converted to hash string, but only BASE64URL encoded:
Computing the HMAC of the JWS Signing Input ASCII(BASE64URL(UTF8(JWS
Protected Header)) || '.' || BASE64URL(JWS Payload)) with the HMAC
SHA-256 algorithm using the key specified in Appendix A.1 and
base64url-encoding the result yields this BASE64URL(JWS Signature)
value:
dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
Currently the library is not interoperable with other JWT libraries(see results with debugger at https://jwt.io). The tests should be probably changed to compare raw values instead of working with the values computed by the library's encode function:
According to the rfc7515 the result of hash function(signature) should not be converted to hash string, but only BASE64URL encoded:
Currently the library is not interoperable with other JWT libraries(see results with debugger at https://jwt.io). The tests should be probably changed to compare raw values instead of working with the values computed by the library's encode function:
https://github.com/Olivine-Labs/lua-jwt/blob/master/spec/jwt_spec.lua#L40
The text was updated successfully, but these errors were encountered: