Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JOSE.JWT.verify uses CPU intensively when signed is nil #23

Closed
slashmili opened this issue Aug 1, 2016 · 2 comments
Closed

JOSE.JWT.verify uses CPU intensively when signed is nil #23

slashmili opened this issue Aug 1, 2016 · 2 comments

Comments

@slashmili
Copy link

ex:

jwk = JOSE.JWK.generate_key(16)
JOSE.JWT.verify_strict(jwk, ["HS256"], nil)
JOSE.JWT.verify(jwk, nil)
@potatosalad
Copy link
Owner

Sorry for the delay in getting to this and #22, I'll try to get to these within the week. Improved solutions to these issues might be part of the next major version of the project that I've been hoping to get started sometime soon.

potatosalad added a commit that referenced this issue Aug 9, 2016
@potatosalad
Version 1.8.0
829e5bb 
* Enhancements
  * ChaCha20/Poly1305 encryption and one-time message authentication
    functions are experimentally supported based on RFC 7539.

* Fixes
  * Handling invalid token without raising Exception #22
  * JOSE.JWT.verify uses CPU intensively when signed is nil #23
@potatosalad
Copy link
Owner

This should be fixed in version 1.8.0 of jose.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@potatosalad @slashmili