Closed 0x3bfc closed 6 years ago
The current JWT payload could be reconstructed because the content includes only public data, as follows:

```json
{
  "iss": "resourceowner.com",
  "sub": "WorldCupDatasetForAnalysis",
  "iat": 1516239022,
  "exp": 1526790800,
  "consumer_pubkey": "Consumer Public Key",
  "temp_pubkey": "Temp. Public Key for Encryption",
  "request_id": "Request Identifier",
  "consent_hash": "Consent Hash",
  "resource_id": "Resource Identifier",
  "timeout": "Timeout comming from AUTH contract",
  "response_type": "Signed_URL",
  "Resource_Server_plugin": "Azure"
}
```

So, I suggest adding a `nonce` field to the payload, generated with a secure random number generator, in order to avoid this in the future.
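The mitigation proposed above, shown as an added example that is not the project's own code: the payload fields are the issue's (values are placeholders), the nonce is drawn from the OS CSPRNG via `secrets`, and `NonceRegistry` is a hypothetical verifier-side cache that rejects a missing or already-seen nonce so a reconstructed or replayed payload is not accepted.

```python
import base64
import json
import secrets

# Constructed subset of the payload from the issue; values are placeholders.
BASE_PAYLOAD = {
    "iss": "resourceowner.com",
    "sub": "WorldCupDatasetForAnalysis",
    "request_id": "Request Identifier",
    "resource_id": "Resource Identifier",
    "response_type": "Signed_URL",
}


def build_payload(base: dict, now: int, ttl: int = 600, nonce_bytes: int = 16) -> dict:
    """Return a copy of `base` with iat/exp and a CSPRNG nonce added.

    secrets.token_urlsafe reads the OS CSPRNG, so the nonce cannot be derived
    from the otherwise public fields, and two tokens for the same request differ.
    """
    payload = dict(base)
    payload["iat"] = now
    payload["exp"] = now + ttl
    payload["nonce"] = secrets.token_urlsafe(nonce_bytes)
    return payload


def encode_claims(payload: dict) -> str:
    """Base64url-encode the claims the way the JWT payload segment is built."""
    raw = json.dumps(payload, separators=(",", ":"), sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


class NonceRegistry:
    """Hypothetical verifier-side cache: one accept per nonce, pruned at expiry."""

    def __init__(self) -> None:
        self._seen: dict[str, int] = {}  # nonce -> exp

    def accept(self, payload: dict, now: int) -> bool:
        # Drop expired entries so the cache stays bounded by the token lifetime.
        self._seen = {n: e for n, e in self._seen.items() if e > now}
        nonce = payload.get("nonce")
        if not nonce or len(nonce) < 16 or payload.get("exp", 0) <= now:
            return False  # missing/short nonce or expired token
        if nonce in self._seen:
            return False  # replay of an already-accepted payload
        self._seen[nonce] = payload["exp"]
        return True
```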
This is already implemented