You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To make things easier to the end user of the library I've followed some aspects from another libs, and the Token::verify() was one of them, but after reading this article I think we should change some things (for good).
Remove Signer from Signature (and change the BaseSigner);
Remove Signer\Factory (and change the Parser);
Pass signer on Token::verify() (to validate if the alg header matches) and the Signature::verify() (to see if the signature was created by that signer with the expected key);
Those changes are easy to do and will simplify things (yes Parser I'm talking to you), but since is a BC break I'm moving it to next major release (3.0.0).
Do you guys have any consideration about this?
The text was updated successfully, but these errors were encountered:
To make things easier to the end user of the library I've followed some aspects from another libs, and the
Token::verify()was one of them, but after reading this article I think we should change some things (for good).SignerfromSignature(and change theBaseSigner);Signer\Factory(and change theParser);Token::verify()(to validate if thealgheader matches) and theSignature::verify()(to see if the signature was created by that signer with the expected key);Those changes are easy to do and will simplify things (yes
ParserI'm talking to you), but since is a BC break I'm moving it to next major release (3.0.0).Do you guys have any consideration about this?
The text was updated successfully, but these errors were encountered: