Closed arronwy closed 3 years ago
Thank you for your request. I checked the spec and it looks like you are right.
The RFC7516 says:
14. Let the Additional Authenticated Data encryption parameter be
ASCII(Encoded Protected Header). However, if a JWE AAD value is
present (which can only be the case when using the JWE JSON
Serialization), instead let the Additional Authenticated Data
encryption parameter be ASCII(Encoded Protected Header || '.' ||
BASE64URL(JWE AAD)).
I'm going to merge and release a new version.
To compatiable with golang https://pkg.go.dev/gopkg.in/square/go-jose.v2