Typo in the AlgorithmId.ES256X?

[olivier-spinelli]

AlgorithmId defines:

        /// <summary>
        /// 'ES256X'
        /// https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-05
        /// </summary>
        ES256X = -46,

Shouldn't it be ES256K as defined here? https://tools.ietf.org/html/rfc8812#section-3.3

(Sorry if I miss something here... But if it's the case, a comment may be a good idea.)

[ycrumeyrolle]

You're right, this is an error

[ycrumeyrolle]

The PR that implement this algorithm was named correctly https://github.com/uruk-project/Jwt/pull/494, not the code. I have not clue of the origin of the typo error... Will be fixed with #547

[olivier-spinelli]

The fact is that X/K, under some fonts can easily be exchanged...

Since, I'm here (don't want to open an issue for a stupid question). I'm having a hard time figuring out the "defaultAlgorithm" here:

TokenValidationPolicyBuilder RequireSignature(string issuer, Jwks keys, SignatureAlgorithm defaultAlgorithm)

Because the "alg" header parameter (https://tools.ietf.org/html/rfc7515#section-4.1.1):

This Header Parameter MUST be present and MUST be understood and processed by implementations.

... default here seems rather strange to me. Is it a way to REQUIRE a given algorithm? In this case, how does this fit with the multiple keys that could be associated to the "kid"?

(This defaultAlgorithm is not optional... just like the "alg" parameter.)

Sorry to ask but I'll appreciate some explanations about this... Thanks in advance.

[ycrumeyrolle]

I really appreciates this feedbacks. I opened a new issue at #548