Aradon267
commented
1 month ago After further checks, this does fail without screaming something to the user, but it does redirect to login(I do see prints of errors that say invalid JWT: unable to parse or verify signature, token is unverifiable: signing method (alg) is unavailable and \"unrecognised value; expected: [\\"HS256\\",\\"HS384\\",\\"HS512\\",\\"RS256\\",\\"RS384\\",\\"RS512\\",\\"ES256\\",\\"ES384\\",\\"ES512\\",\\"ES256K\\",\\"PS256\\",\\"PS384\\",\\"PS512\\",\\"none\\",\\"EdDSA\\"]\")
Will check again with Adam that reported this
30% שהם לא בודקים את הJWT כמו שצריך כי הכנסתי Alg = none וזה לא ליטרלי צרח עלי