Closed aj-michael closed 9 years ago
From my (limited) understanding of the SHA2 family, we need to differentiate between sha256, sha384 and sha512. OpenSSL::Digest.new
takes the name of the hashing algorithm as a string to its constructor, so we have to map RS256 -> sha256, ES384 -> sha384, etc. I've added a comment to clarify.
I also added a commit that sets the default to RS256 if no algorithm is present in the token header.
:shipit:
Four fixes: