Add filter to control the signing algorithm.

Tmeister / wp-api-jwt-auth

A simple plugin to add JSON Web Token (JWT) Authentication to WP REST API

GNU General Public License v2.0

553 stars 159 forks source link

Closed spacedmonkey closed 1 year ago

spacedmonkey commented 6 years ago

The JWT library supports a number of different algorithms, which are listed here.

This new filter allows a develop to pick which one to use, for better security.

spacedmonkey commented 5 years ago

@Tmeister Any chance of a merge? This is worth a read - https://auth0.com/blog/brute-forcing-hs256-is-possible-the-importance-of-using-strong-keys-to-sign-jwts/ Basically says hs256 is easily crackable. So shouldn't be default value / should be filterable.

spacedmonkey commented 4 years ago

@sviluppomania This was approved but not merged..