If you format a JWK in a slightly incorrect way, this tool will still count it as valid. I think this is fundamentally an issue with rsasignjs, so I submitted a bug report there. I even tried the latest version of that library and the issue was still there, so bumping version wouldn't help.
This caused some headaches for my company, which uses this tool for troubleshooting. The behavior of this doesn't tool line up with the software we use that validates JWTs we receive (Microsoft crypto libraries).
Hi there,
If you format a JWK in a slightly incorrect way, this tool will still count it as valid. I think this is fundamentally an issue with rsasignjs, so I submitted a bug report there. I even tried the latest version of that library and the issue was still there, so bumping version wouldn't help.
This caused some headaches for my company, which uses this tool for troubleshooting. The behavior of this doesn't tool line up with the software we use that validates JWTs we receive (Microsoft crypto libraries).