auth0 / node-jwa

JSON Web Algorithms
http://tools.ietf.org/id/draft-ietf-jose-json-web-algorithms-08.html
MIT License

module ignores b64 in the header #36

Open namrata25 opened 5 years ago

namrata25 commented 5 years ago

Hello,

I am using the jws library, which internally uses this module, and it seems that the signature generated does not meet the specifications.

According to the standards, if I pass b64: false in the header, the signature returned should not be base64Url encoded.

After going through the code of the library, it looks like you are returning base64Url encoded signature irrespective of what is passed in the header.

https://github.com/brianloveswords/node-jwa/blob/master/index.js#L153

Would appreciate your take on this.

Thanks

panva commented 5 years ago

Hi @namrata25

1) RFC 7797 talks about unencoded payload, not signatures.
2) "b64": false MUST be accompanied by "crit": ["b64"] in the header.
3) Implementations MUST throw when "crit" members aren't understood by the implementation.

Since this jwa module really only deals with signing and verification of provided inputs, what you're asking should be part of the module you're using.

Other JOSE packages, e.g. jose, support the RFC 7797-defined b64 critical parameter.