Closed onli closed 8 years ago
Actually, the Python demo-rp has a PR that implements signature verification:
I opened an issue for the JWT gem: https://github.com/nov/json-jwt/issues/32
https://github.com/onli/sinatra-browserid/commit/b38227002824ad7f84b3b47a8324e212e0991ee6 fixes it for the sinatra browserid gem. I'll close here, since now both existing RPs have it.
Well, @callahad hasn't merged the demo-rp PR yet.
Both our current RPs, the python example and the sinatra module, do not verify the signature. In the case of the sinatra module that is because the check is throwing a error in the used jwt module (see here, verify is called on a string, which does not have such a function), and help would be great to get this cleared up.