namshi / jose

JSON Object Signing and Encryption library for PHP.
MIT License

Signature fix #85

Closed stuartm closed 8 years ago

stuartm commented 8 years ago

This fixes signature creation; the presently generated signature doesn't comply with the RFC and is rejected by other applications/libraries. The reason is that the signature is base64 encoded as a string instead of a hexadecimal representation of octets.

Converting the signature to binary before base64 encoding results in the expected signature, as verified against the example in RFC 7515 and the http://jwt.io debugger.

Results may be validated with:

echo -n "base64_encoded_header.base64_encoded_payload" | openssl dgst -sha256 -hmac "your_secret" -binary | base64 | tr '+/' '-_' | tr -d '='
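
The mismatch described in the comment above, as an added example that is not part of the thread or of the library's code. It assumes the HMAC is computed with PHP's `hash_hmac()`, uses the HS256 test vector from RFC 7515 Appendix A.1, and the helper names are hypothetical.

```php
<?php
// Added example, not namshi/jose code; helper names are hypothetical.

function base64url_encode(string $bytes): string
{
    // base64url as used by JWS: URL-safe alphabet, padding stripped.
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function base64url_decode(string $text): string
{
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

// Diagnose a received HS256 signature segment by what it decodes to.
function classify_hs256_signature(string $segment): string
{
    $decoded = base64url_decode($segment);
    if (strlen($decoded) === 32) {
        return 'raw octets';            // what RFC 7515 expects
    }
    if (strlen($decoded) === 64 && ctype_xdigit($decoded)) {
        return 'hex string';            // digest was hex-encoded before base64
    }
    return 'unknown';
}

// Test vector from RFC 7515, Appendix A.1 (HS256).
$signingInput = 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9'
    . '.'
    . 'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ';
$key = base64url_decode(
    'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow'
);
$expected = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';

// hash_hmac() returns lowercase hex unless its fourth argument is true.
$fromHex = base64url_encode(hash_hmac('sha256', $signingInput, $key));
$fromRaw = base64url_encode(hash_hmac('sha256', $signingInput, $key, true));

foreach (['hex' => $fromHex, 'raw' => $fromRaw] as $label => $sig) {
    printf("%s: %d chars, decodes to %s, matches RFC vector: %s\n",
        $label, strlen($sig), classify_hs256_signature($sig),
        hash_equals($expected, $sig) ? 'yes' : 'no');
}
```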

odino commented 8 years ago

hey @stuartm thanks for this! Could you take a look at the tests on travis?

cheers!

stuartm commented 8 years ago

Yes, I saw those, I'll update the pull request with a fix when I get a chance.

gboor commented 8 years ago

I needed this fix and it works fine for me! I do not understand why the tests fail with "malformed input". It would be really great to have this in the master branch, so I can stop hacking the vendor files on every composer update...

stuartm commented 8 years ago

I know why the tests are failing, I'll try to find time in the next couple of days to update the pull request.

odino commented 8 years ago

thanks man :)

On Thu, Mar 17, 2016 at 6:23 PM, Stuart Morgan notifications@github.com wrote:

I know why the tests are failing, I'll try to find time in the next couple of days to update the pull request.


Nadalin Alessandro http://www.linkedin.com/in/alessandronadalin www.odino.org www.twitter.com/odino

odino commented 8 years ago

@stuartm any update?

stuartm commented 8 years ago

Sorry, work has been really crazy. I'll make time tonight to sort this out.

odino commented 8 years ago

no worries man, know that feeling :)

On Thu, Mar 31, 2016 at 1:05 PM, Stuart Morgan notifications@github.com wrote:

Sorry, work has been really crazy. I'll make time tonight to sort this out.


odino commented 8 years ago

hey @stuartm any luck with this? :)

odino commented 8 years ago

closed for inactivity -- feel free to pick this up again!

stuartm commented 8 years ago

Well I will eventually find time to sort the patch out, however I don't think the ticket should be closed since the bug is still present.