Closed Verdent closed 2 years ago
Hi @Verdent The reason the failure is expected is that the test endpoint expects an inner-signed encrypted token - so the successful verification is not enough - the token has to be decrypted first - however the test sends a signed only token.
We'll need to discuss the dynamic token verification in more detail for 3.0, hopefully in scope of the multi-tenant support
@sberyozkin Thank you for clarification. I have completely missed that. :-)
Closing issue
Hi, I would like to ask, why is it expected for this test to pass?
This is how I understand it:
What am I getting incorrectly here?
For example test EmptyTokenTest.validToken does exactly the same thing in terms of not having any public key provided to the kid and this time validation is expected to pass.
If we would not fall back to the public key which had not kid assigned, the first mentioned test would pass, but the second would fail.