Open simo5 opened 9 months ago
According to RFC 7519 only the compact serialization can be used for a proper JWT token. Jwcrypto accepts any JWS/JWE token for parsing.
While this is not a problem per se, people may want to reject even the ability to parse a non-compact serialization to reduce potential attack surface.
Provide a "strict" or "serialization" option when instantiating a JWT so that this aspect can be controlled.
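Until such an option exists, the same restriction can be enforced with a shape check in front of the parser. The sketch below is an added example, not jwcrypto code and not from the issue author; `require_compact` and `NotCompactSerialization` are hypothetical names, and the check only inspects the serialization form (it verifies no signature and decrypts nothing).

```python
import base64
import binascii
import json
import re

_B64URL = re.compile(r"[A-Za-z0-9_-]*")  # unpadded base64url; may be empty


class NotCompactSerialization(ValueError):
    """Token is not a JWS/JWE compact serialization."""


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def require_compact(token: str) -> str:
    """Hypothetical pre-parse gate: return 'JWS' or 'JWE', else raise."""
    if not isinstance(token, str):
        raise NotCompactSerialization("token must be a string")
    parts = token.split(".")
    kind = {3: "JWS", 5: "JWE"}.get(len(parts))
    if kind is None:
        raise NotCompactSerialization("expected 3 or 5 dot-separated segments")
    if not all(_B64URL.fullmatch(p) for p in parts):
        raise NotCompactSerialization("segment is not unpadded base64url")
    if not parts[0]:
        raise NotCompactSerialization("empty protected header")
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except (binascii.Error, ValueError) as exc:
        raise NotCompactSerialization("header is not base64url JSON") from exc
    if not isinstance(header, dict):
        raise NotCompactSerialization("header is not a JSON object")
    return kind


# Constructed samples; the signature bytes are dummies and nothing is verified.
HDR = _b64u(b'{"alg":"HS256"}')
BODY = _b64u(b'{"sub":"demo"}')
COMPACT = ".".join([HDR, BODY, _b64u(b"sig")])
FLATTENED = json.dumps({"protected": HDR, "payload": BODY, "signature": _b64u(b"sig")})

if __name__ == "__main__":
    for name, tok in (("compact", COMPACT), ("flattened JSON", FLATTENED)):
        try:
            print(name, "->", require_compact(tok))
        except NotCompactSerialization as err:
            print(name, "-> rejected:", err)
```

Call the gate on the raw token string and pass the token to the JWT parser only if it returns; the JSON (general or flattened) serializations then never reach the parsing code.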