-
I'm new to app development, trying to build a login function, and I'm having some trouble with validating. Is the way I'm validating correct?
```php
require_once 'vendor/autoload.php';
use Lcobu…
```
-
This was a bummer to me. By default, the following library usage is insecure and not RFC-compliant:
```
local jwt_obj = jwt:verify(SECRET_KEY, token)
```
For example, this happily returns `jwt_obj.ve…
-
I have an app running 1.0 (Microsoft.NETCore.App v1.0.0) referencing Microsoft.IdentityModel.Tokens 5.0.0.
I have upgraded the app to 1.1 (as part of testing https://github.com/dotnet/corefx/issues/1…
-
The only requirement for ILP Addresses is that they are a binary string that can be used for prefix based matching at connectors.
Therefore RFC 3 does not need to specify an encoding but can recommend…
-
**Organization**: 3
**Type**: Pharmaceutical Software Company
**Document (63-3, 63A, 63B, or 63C)**: 63B
**Reference (Include section and paragraph number)**: 7.1
**Comment (Include rationale for comm…
-
- JWT, for security, it needs a "Secret Hash".
- bcrypt library, in password management, is used to avoid adding a salt, because this is insecure and an attacker, if they have the code, has more possibilities …
-
The “creation time” header parameter in Section 3.1 is one of several attributes that are being proposed as a header parameter, whereas it is actually unrelated to the cryptographic operations being p…
-
Is there a way to know if the signing-in a/c is an MSA or home/commercial a/c before making any graph api calls?
Logging in with an MSA account (e.g., john_doe@outlook.com) and trying to retrieve user…
-
Testing JOSW-JWT I was getting "Invalid algorithm specified" errors with certificates that were working fine using Microsoft's JwtSecurityTokenHandler.
Following the advice of http://hintdesk.com/c-h…
-
According to the [OpenID Connect specification section 2. ID Token](http://openid.net/specs/openid-connect-core-1_0.html#IDToken) the `exp` and `iat` claims are REQUIRED and specified as JSON number r…