Closed JoergAdler closed 4 years ago
In https://github.com/Mercateo/spring-security-jwt/blob/master/src/main/java/com/mercateo/spring/security/jwt/token/verifier/JWTVerifierFactory.java#L71 the algorithm is set to RS256, but the token also has a field with algorithm in it. So verifying would not work if the token provides a e.g. RS512 key-field
In https://github.com/Mercateo/spring-security-jwt/blob/master/src/main/java/com/mercateo/spring/security/jwt/token/verifier/JWTVerifierFactory.java#L71 the algorithm is set to RS256, but the token also has a field with algorithm in it. So verifying would not work if the token provides a e.g. RS512 key-field