Closed orangeagain closed 3 years ago
This is right. There is an issue when the JWE token is encrypted and does not contain a JWS, but there are requirements designed for JWS, like the signature, audience, lifetime or issuer validation.
Bugfix in progress. When a requirement is added to the validation policy, the token is not considered as valid anymore as it is not possible to validate.
```csharp
using JsonWebToken;

static void Main()
{
    // Signing key (declared in the snippet but not used by the descriptor below).
    var signatureKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
    var encryptionKey = new SymmetricJwk("R9MyWaEoyiMYViVWo8Fk4T");

    // Raw binary payload: the ASCII bytes of "Life long and prosper."
    var payload = new byte[] { 76, 105, 102, 101, 32, 108, 111, 110, 103, 32, 97, 110, 100, 32, 112, 114, 111, 115, 112, 101, 114, 46 };

    // JWE whose plaintext is the binary payload itself, not a nested JWS.
    var descriptor = new BinaryJweDescriptor(payload)
    {
        EncryptionKey = encryptionKey,
        EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256,
        Algorithm = KeyManagementAlgorithm.Aes128KW
    };
}
```
Some of it is not reasonable. If it throws a byteArray or string Payload, that will be good.
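The case discussed in this thread, as an added example that is not part of the original posts or of the library's code: a caller can inspect the compact token before choosing a validation policy, so that signature, issuer, audience and lifetime requirements are only attached when the JWE actually wraps a JWT. `TokenKind`, `TokenInspector`, `Classify` and `CanEvaluateJwsRequirements` are hypothetical names; the code uses only `System.Text.Json`, and the sample tokens are constructed.

```csharp
using System;
using System.Text;
using System.Text.Json;

enum TokenKind { Jws, JweNestedJwt, JweOpaquePayload }

static class TokenInspector
{
    // JOSE compact serialization uses base64url without padding (RFC 4648 section 5).
    static byte[] FromBase64Url(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='));
    }

    static string ToBase64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // The header is read before decryption, so it is not yet authenticated:
    // use the result only to pick a policy, never to accept a token.
    public static TokenKind Classify(string compact)
    {
        string[] parts = compact.Split('.');
        if (parts.Length == 3) return TokenKind.Jws;   // header.payload.signature
        if (parts.Length != 5) throw new FormatException("Not a compact JWS or JWE.");

        using JsonDocument header = JsonDocument.Parse(FromBase64Url(parts[0]));
        // RFC 7519 section 5.2: a nested JWT must carry "cty": "JWT".
        bool nested = header.RootElement.TryGetProperty("cty", out JsonElement cty)
            && cty.ValueKind == JsonValueKind.String
            && string.Equals(cty.GetString(), "JWT", StringComparison.OrdinalIgnoreCase);
        return nested ? TokenKind.JweNestedJwt : TokenKind.JweOpaquePayload;
    }

    // Signature, issuer, audience and lifetime checks need a JWT inside the token.
    public static bool CanEvaluateJwsRequirements(TokenKind kind) => kind != TokenKind.JweOpaquePayload;

    static void Main()
    {
        // Constructed samples: only the protected header is meaningful, the rest are placeholders.
        string opaque = ToBase64Url("{\"alg\":\"A128KW\",\"enc\":\"A128CBC-HS256\"}") + ".ek.iv.ct.tag";
        string nested = ToBase64Url("{\"alg\":\"A128KW\",\"enc\":\"A128CBC-HS256\",\"cty\":\"JWT\"}") + ".ek.iv.ct.tag";

        foreach (string token in new[] { opaque, nested })
        {
            TokenKind kind = Classify(token);
            Console.WriteLine($"{kind}: JWS requirements applicable = {CanEvaluateJwsRequirements(kind)}");
        }
    }
}
```

If the application expects a signed JWT inside the JWE, an opaque result should lead to rejection rather than to a policy with the signature requirement dropped.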