Without using signature, to find the payload:
jws = header . payload . signature(header.payload.secret)
The important point here is that you (not JWT) are violating the specification by manipulating the JWS, and you're doing it in a calculated way based on your specific use case. This is fine for individual use cases, but probably not for a spec-compliant library like JWT.
Reference: https://github.com/jwtk/jjwt/issues/135
Jwt Introduction
JWT
jws = header . payload . signature(header.payload.secret)
The important point here is that you (not JWT) are violating the specification by manipulating the JWS, and you're doing it in a calculated way based on your specific use case. This is fine for individual use cases, but probably not for a spec-compliant library like JWT.
Reference: https://github.com/jwtk/jjwt/issues/135
Jwt Introduction
JWT
No comments:
Post a Comment
I'm certainly not an expert, but I'll try my hardest to explain what I do know and research what I don't know.