When deserialising, the raw protected header is recorded. But serialising ignores the raw protected header. If hs-jose (aeson) serialises the protected header params in a different order from the original signer, the resulting JWS is no longer valid.
Expected behaviour: re-serialising JWS must preserve original protected header.
Originally posted by @frasertweedale in https://github.com/frasertweedale/hs-jose/issues/97#issuecomment-687657792
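The failure described above, as an added example that is not hs-jose code and not part of the original issue: a JWS signature covers the exact base64url-encoded bytes of the protected header, so re-encoding the parsed parameters in a different key order invalidates it, while re-emitting the recorded raw bytes does not. It is written in Python rather than Haskell; the HS256 key, header, payload and function names are constructed for the demonstration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(raw_protected: bytes, payload: bytes, key: bytes) -> str:
    """Build a compact JWS (HS256) over the exact header bytes supplied."""
    signing_input = f"{b64url(raw_protected)}.{b64url(payload)}"
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"

def verify(compact: str, key: bytes) -> bool:
    """Recompute the MAC over the header and payload segments as received."""
    head, body, sig = compact.split(".")
    expected = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))

def reserialise(compact: str, preserve_raw: bool) -> str:
    """Decode a JWS and emit it again, keeping the original signature."""
    head, body, sig = compact.split(".")
    if preserve_raw:
        new_head = head  # reuse the recorded raw protected header
    else:
        # Re-encode from the parsed parameters; the JSON encoder picks the order.
        params = json.loads(b64url_decode(head))
        new_head = b64url(json.dumps(params, sort_keys=True, separators=(",", ":")).encode())
    return f"{new_head}.{body}.{sig}"

KEY = b"constructed-demo-key"                 # constructed sample key
RAW_HEADER = b'{"typ":"JWT","alg":"HS256"}'   # constructed: signer's own key order
ORIGINAL = sign(RAW_HEADER, b'{"sub":"demo"}', KEY)

def demo():
    """Return validity of: the original, the re-encoded copy, the raw-preserving copy."""
    return (verify(ORIGINAL, KEY),
            verify(reserialise(ORIGINAL, preserve_raw=False), KEY),
            verify(reserialise(ORIGINAL, preserve_raw=True), KEY))

if __name__ == "__main__":
    print(demo())
```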