yogsototh/clj-jwt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
57 commits 1 branch 2 tags 110 KiB
Commit graph

24 commits

Author SHA1 Message Date
Guillaume Buisson
60cfa068c1
set kid when signing with a key, allow setting the value 2020-01-31 16:32:39 +01:00
Yann Esposito (Yogsototh)
08f3f69909
fix strings in key map portability 2018-02-06 11:17:12 +01:00
Jonas Abreu
2f27f553fd use the same data to sign and verify signature 2015-09-17 14:56:41 -03:00
liquidz
7e9895a092 #18 use bcpkix-jdk15on 1.52 instead of 1.50 2015-06-30 20:35:25 +09:00
Ryan Senior
e13b665c1b Upgraded to Bouncy Castle 1.50 and removed direct calls to addProvider 2015-06-29 08:41:02 -05:00
liquidz
fdaa2c60d1 see #13 add tests and update readme 2015-04-02 20:39:21 +09:00
liquidz
63f80fb453 see #13 add optional paramter that specifies algorithm to verify function 2015-04-02 07:38:32 +09:00
liquidz
d65835283b #10 bugfix: public-key-from-string on invalid key string 2015-02-26 07:43:08 +09:00
liquidz
63244e4330 see #9 code refinement 2014-09-15 23:22:48 +09:00
liquidz
9da81ace39 see #9 Merge branch 'master' of https://github.com/ShaneKilkelly/clj-jwt into ShaneKilkelly-master 2014-09-15 23:17:17 +09:00
Shane Kilkelly
d07210c4d1 Validating an unsigned token with a key should be false. 
If the token supplied to the `verify` function is has a signature which
is an empty-string, the key is ignored, presuming that the token is
unsigned and that the calling code is not interested in ensuring the
token has been signed.

If the calling code is trying to verify that the token was signed with
their secret key, it is possible for a completely unsigned token to be
accepted as valid.

This patch adds a check to ensure that if the token is unsigned, but a
non-empty key was supplied to `validate`, then the token is considered
to not be valid.
 2014-09-13 17:23:53 +01:00
liquidz
78bc74cff3 #5 bug fix: handling string key problem 2014-06-19 21:54:25 +09:00
liquidz
c611871156 #5 bug fix for claims containing string key 2014-06-18 22:24:16 +09:00
liquidz
fc1ae52a92 see add clj-jwt.intdate which convert joda-time and IntDate value each other 2014-04-20 18:34:15 +09:00
liquidz
f6ee1dd2c6 update for clojure 1.6.0 2014-04-19 21:21:35 +09:00
liquidz
adbfeaa3c2 #2 fix :iat type in tests 2013-08-09 23:50:41 +09:00
liquidz
eefbad3d55 add key.public-key-from-string to get public key from String 2013-07-25 21:48:27 +09:00
liquidz
a17f6f3623 support ECDSA algorithm 2013-05-06 01:26:11 +09:00
liquidz
6bcc5e5ccd rename namespace 2013-05-03 00:52:40 +09:00
liquidz
1fd4ad1569 add key tests 2013-05-03 00:47:25 +09:00
liquidz
6c5d5f3b88 add rsa.key tests. update base64 encode/decode functions 2013-05-01 23:56:20 +09:00
liquidz
64e928925b add verify, update jwt.rsa.key to handle pass phrase 2013-05-01 09:42:50 +09:00
liquidz
b6c6a2403d add str->jwt 2013-04-29 23:46:25 +09:00
liquidz
3a11c2cff5 first commit 2013-04-29 22:24:41 +09:00