Keats / jsonwebtoken

JWT lib in rust
MIT License
1.67k stars 266 forks

Fix algorithm family validation #264

Closed beltram closed 2 years ago

beltram commented 2 years ago

Algorithm family validation currently fails when supported algorithms are from different families. For example:

validation.algorithms = vec![Algorithm::EdDSA, Algorithm::ES256];

will fail validating ES256 signed JWS whereas it should

Keats commented 2 years ago

It's kind of intended though, to avoid one of the pitfalls of JWTs.

beltram commented 2 years ago

Well, I get the point for allowing both symmetric & asymmetric algorithms. Although it's sad if I want to use only asymmetric algorithms like Ec & Ed here, but I guess I can work around that on my side.
Thanks for your answer
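
The two policies discussed in this thread, side by side, as an added example that is not code from the jsonwebtoken crate or from either commenter. The `Alg` and `Family` enums and the `strict_ok`, `relaxed_ok` and `accept` functions are hypothetical local names; the strict rule is modelled on the behaviour described in the issue, the relaxed rule on the symmetric/asymmetric distinction raised in the last comment.

```rust
// Added illustration: a local model, not the jsonwebtoken crate's types or code.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Alg { HS256, RS256, ES256, EdDSA }

#[derive(Clone, Copy, Debug, PartialEq)]
enum Family { Hmac, Rsa, Ec, Ed }

fn family(a: Alg) -> Family {
    match a {
        Alg::HS256 => Family::Hmac,
        Alg::RS256 => Family::Rsa,
        Alg::ES256 => Family::Ec,
        Alg::EdDSA => Family::Ed,
    }
}

/// Strict policy (assumed from the issue text): every allowed algorithm
/// must belong to the family of the verification key.
fn strict_ok(allowed: &[Alg], key: Family) -> bool {
    !allowed.is_empty() && allowed.iter().all(|a| family(*a) == key)
}

/// Relaxed policy: asymmetric families may be mixed, but an HMAC algorithm
/// never shares an allow-list with an asymmetric one, so a public key can
/// never end up being used as an HMAC secret.
fn relaxed_ok(allowed: &[Alg]) -> bool {
    let sym = allowed.iter().any(|a| family(*a) == Family::Hmac);
    let asym = allowed.iter().any(|a| family(*a) != Family::Hmac);
    !allowed.is_empty() && !(sym && asym)
}

/// Accept a token header only if the allow-list passes the relaxed policy,
/// the header's alg is on the list, and the alg matches the key's family.
fn accept(header_alg: Alg, allowed: &[Alg], key: Family) -> bool {
    relaxed_ok(allowed) && allowed.contains(&header_alg) && family(header_alg) == key
}

fn main() {
    let allowed = [Alg::EdDSA, Alg::ES256]; // the allow-list from the issue
    println!("strict, EC key:   {}", strict_ok(&allowed, Family::Ec));
    println!("relaxed, ES256:   {}", accept(Alg::ES256, &allowed, Family::Ec));
    println!("HS256 on RSA key: {}",
             accept(Alg::HS256, &[Alg::HS256, Alg::RS256], Family::Rsa));
}
```

The per-token check in `accept` still ties the header's algorithm to the key's family, so relaxing the allow-list rule does not let an EdDSA header verify against an EC key.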