[proposal] Filter `VerificationMethod` by `kid` if one is present in the header

The default behavior for JWT/JWS verification is to extract an array of possible signers from the DID document of the iss and then verify each signer to check for a signature match.

This can be improved by also looking for a kid property in the header and only using that one for verification.

For this to work, kid (if present) must be a DID URL with a #fragment, that dereferences to a VerificationMethod from the DID document of the iss.

  • if kid is present, kid and iss DID must match
  • if kid is present, apply the filter as early as possible, to avoid expensive cryptographic operations.

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions: 3
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

oed commented, Oct 11, 2021 (1 reaction)

Bad stalebot!

OR13 commented, Jul 15, 2021 (1 reaction)

it’s worth constraining kid to be a DID URL, not a DID… this would mean it is distinguishable from didDocument.id and verificationMethod.controller, both of which would align with iss.
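
The filter proposed in the issue, together with the DID URL constraint from the comment above, as an added example (not did-jwt's code and not part of the thread). `selectSigners`, `didOf`, `absoluteId` and the sample document are hypothetical names; the sketch assumes the DID document was already resolved from `iss` and that `iss` is a bare DID.

```javascript
// Added example: hypothetical helper names, not did-jwt's own code.
// Assumes didDocument was resolved from `iss`, and `iss` is a bare DID.

// Strip path, query and fragment: "did:example:1/p?q#k" -> "did:example:1"
const didOf = (didUrl) => didUrl.split(/[\/?#]/)[0];

// DID documents may list relative ids such as "#key-2"; make them absolute.
const absoluteId = (vm, doc) => (vm.id.startsWith('#') ? doc.id + vm.id : vm.id);

// Returns the verification methods to try, before any signature is checked.
function selectSigners(header, iss, didDocument) {
  const candidates = didDocument.verificationMethod || [];
  const kid = header.kid;
  if (kid === undefined) return candidates; // default: try every signer

  if (typeof kid !== 'string') throw new Error('kid must be a string');
  const hash = kid.indexOf('#');
  // A bare DID is rejected: kid has to be a DID URL with a non-empty fragment.
  if (!kid.startsWith('did:') || hash === -1 || hash === kid.length - 1) {
    throw new Error('kid must be a DID URL with a #fragment');
  }
  // The DID part of kid must be the issuer, so a token cannot point the
  // verifier at a key controlled by some other DID.
  if (didOf(kid) !== iss) {
    throw new Error('kid does not match the iss DID');
  }
  const matches = candidates.filter((vm) => absoluteId(vm, didDocument) === kid);
  if (matches.length === 0) {
    throw new Error('kid does not dereference to a verification method of iss');
  }
  return matches; // only these go on to the cryptographic check
}

// Constructed sample document (not from the issue).
const SAMPLE_DOC = {
  id: 'did:example:alice',
  verificationMethod: [
    { id: 'did:example:alice#key-1', type: 'JsonWebKey2020', controller: 'did:example:alice' },
    { id: '#key-2', type: 'JsonWebKey2020', controller: 'did:example:alice' },
  ],
};
```

A missing `kid` keeps the current behaviour of trying every signer; a present but invalid `kid` fails closed rather than falling back to the full list.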
