Skip to content

Less strict validation

Latest
Compare
Choose a tag to compare
@MicahParks MicahParks released this 12 Mar 00:10
7091ac8

The purpose of this release is to use less strict validation for JWK. This will allow users to work with non-RFC compliant JWK Sets for small padding mistakes.

Two padding related reasons for this are:

  1. Mandatory leading padding for ECDSA JWK parameters.
  2. A common mistake adding leading padding to RSA JWK parameter "n".

For padding specifically, this project is only comparing integers after they are parsed from Base64 raw URL encoding by default. To turn on strict validation, there will be a new field on jwkset.ValidateOptions named StrictPadding.

An example for 1 would be a bug in this project were mandatory leading padding was absent: #18

An example for 2 would be a Firebase service that was reported to be incompatible with this project: #23

Relevant issues:

Relevant pull requests: