fix secp256k1 curve name to follow the standards

nov / json-jwt

JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby

MIT License

299 stars 80 forks source link

fix secp256k1 curve name to follow the standards #111

Closed kazzix14 closed 1 year ago

kazzix14 commented 1 year ago

Hi. I found that crv claim could be wrong when I use secp256k1. This PR fixes a crv claim to follow the standards so that I can use secp256k1 and parse resulting JWTs with other libraries.

the problem is that crv claim is secp256k1. It is an OpenSSL style curve name so it should be P-256K according to this. Also, ruby-jwt assumes crv claim to be P-256K. Because of that, I can't decode JWT created using json-jwt.

nov commented 1 year ago

secp256k1 is the registered curve name. https://www.iana.org/assignments/jose/jose.xhtml#web-key-elliptic-curve