DCIT / perl-Crypt-JWT


Key required but not used on JWS #26

Closed philiprbrenan closed 3 years ago

philiprbrenan commented 3 years ago

I am validating a JWT that has been signed but not encrypted using:

my $claims = decode_jwt(token=>$token, key=>\$certificate);

The token validates correctly. But I can change the content of the certificate without inducing any error. I imagine that the certificate is not needed if the JWT is not encrypted. However, when I remove the key => parameter I get:

JWS: missing key ...

If the certificate is not required, please document this fact and remove the dependency on key?

karel-m commented 3 years ago

Technically speaking it is not the whole certificate but the public key included in the certificate which is necessary for signature validation.

Could you be more specific (sample code?) about which token you are able to validate with 2 different certificates?

philiprbrenan commented 3 years ago

I see! I have replaced the last 6 lines of the certificate with AAA....AAA and the validation still works - but if I try to change the 7th to last line then it stops decrypting the certificate. Thank you for your clarification.
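To check that the key passed to decode_jwt really does drive signature validation (the point karel-m makes above), the following added example, not code from the issue or from Crypt::JWT itself, signs a JWS with one RSA key and then verifies it with the matching public key and with an unrelated one; the key pairs, the claim and the helper name verify_with are constructed here.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::JWT qw(encode_jwt decode_jwt);
use Crypt::PK::RSA;

# Constructed example: two unrelated RSA key pairs generated in memory.
# $issuer signs the token; $other stands in for a "wrong certificate".
my $issuer = Crypt::PK::RSA->new;
$issuer->generate_key(2048, 65537);
my $other = Crypt::PK::RSA->new;
$other->generate_key(2048, 65537);

# A signed (not encrypted) token, as in the issue, using RS256.
my $token = encode_jwt(
    payload => { sub => 'alice' },
    alg     => 'RS256',
    key     => $issuer,
);

# Only the public key is needed for verification. This is the part
# Crypt::JWT extracts from a certificate; the trailing bytes of a PEM
# certificate (its own signature) do not feed into that public key.
my $good_pem = $issuer->export_key_pem('public');
my $bad_pem  = $other->export_key_pem('public');

# decode_jwt dies on any verification failure, so wrap it in eval and
# report the outcome instead of letting the script abort.
sub verify_with {
    my ($tok, $pem) = @_;
    my $claims = eval { decode_jwt(token => $tok, key => \$pem) };
    return $@ ? "rejected: $@" : "accepted: sub=$claims->{sub}";
}

print verify_with($token, $good_pem), "\n";   # matching public key
print verify_with($token, $bad_pem),  "\n";   # unrelated public key
```

Run it as a script; the second call shows that a key which does not match the signer is rejected rather than silently accepted, which is the check a deployment should confirm before relying on decode_jwt for authorization decisions.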