kylef / JSONWebToken.swift

Swift implementation of JSON Web Token (JWT).
http://jwt.io
BSD 2-Clause "Simplified" License
763 stars 225 forks

Failed to decode JWT: Unsupported algorithm or incorrect key for HS256 Algorithm. #123

Open caffieneToCode opened 5 years ago

caffieneToCode commented 5 years ago

Hi @kylef, this library is removing the HS256 algorithm by filtering it out in verifiedAlgorithms in the snippet below.

func verifySignature(_ algorithms: [Algorithm], header: JOSEHeader, signingInput: String, signature: Data) throws {
  guard let alg = header.algorithm else {
    throw InvalidToken.decodeError("Missing Algorithm")
  }

  let verifiedAlgorithms = algorithms
    .filter { algorithm in algorithm.description == alg }
    .filter { algorithm in algorithm.verify(signingInput, signature: signature) }

  if verifiedAlgorithms.isEmpty {
    throw InvalidToken.invalidAlgorithm
  }
}

/// Verify a signature for a message using the algorithm

  func verify(_ message: String, signature: Data) -> Bool {
    return sign(message) == base64encode(signature)        // Because this returns false
  }

This works completely fine on jwt.io and the signature verifies correctly.


Any idea what went wrong here? Because this works with other libraries.
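An added example, not part of the original post and not the library's code: an independent HS256 check in Python that recomputes the HMAC over `header.payload` and reports which interpretation of a secret string (raw UTF-8 bytes or base64-decoded bytes) verifies a token. The helper names, the secret and the sample token are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(payload: dict, key: bytes) -> str:
    """Build a compact HS256 token (used here only to construct sample input)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_hs256(token: str, key: bytes) -> bool:
    """Recompute HMAC-SHA256 over 'header.payload'; compare raw bytes in constant time."""
    try:
        head, body, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False
    # Pin the algorithm: a token declaring anything but HS256 is rejected.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)

def key_candidates(secret: str) -> dict:
    """Byte strings that the same secret text can stand for."""
    out = {"utf8": secret.encode("utf-8")}
    try:
        std = secret.replace("-", "+").replace("_", "/")
        out["base64"] = base64.b64decode(std + "=" * (-len(std) % 4), validate=True)
    except ValueError:  # secret text is not valid base64
        pass
    return out

def matching_keys(token: str, secret: str) -> list:
    """Names of the key interpretations under which the token verifies."""
    return [n for n, k in key_candidates(secret).items() if verify_hs256(token, k)]

# Constructed sample: the signer used the decoded bytes, the secret is stored as base64 text.
SECRET_TEXT = base64.b64encode(b"constructed-demo-key").decode()
TOKEN_RAW_KEY = sign_hs256({"sub": "demo"}, b"constructed-demo-key")

if __name__ == "__main__":
    print(matching_keys(TOKEN_RAW_KEY, SECRET_TEXT))  # which interpretation verifies
```

An empty result means neither interpretation of the secret produced the token's signature, so the key itself (not its encoding) differs from the signer's.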

hadiidbouk commented 5 years ago

Any update on this?