clj-jwt

Author	SHA1	Message	Date
Shane Kilkelly	d07210c4d1	Validating an unsigned token with a key should be false. If the token supplied to the `verify` function is has a signature which is an empty-string, the key is ignored, presuming that the token is unsigned and that the calling code is not interested in ensuring the token has been signed. If the calling code is trying to verify that the token was signed with their secret key, it is possible for a completely unsigned token to be accepted as valid. This patch adds a check to ensure that if the token is unsigned, but a non-empty key was supplied to `validate`, then the token is considered to not be valid.	2014-09-13 17:23:53 +01:00
Masashi Iizuka	a17fe62662	Merge pull request #3 from bobby/master Upgrade to version 0.0.4	2013-10-17 07:07:09 -07:00
Relevance Pair	42e72421d6	Upgrade to version 0.0.4	2013-10-17 09:58:39 -04:00
liquidz	adbfeaa3c2	#2 fix :iat type in tests	2013-08-09 23:50:41 +09:00
Tobias Steiner	c0190d1b13	Fix :iat typo	2013-08-09 15:27:53 +02:00
liquidz	eefbad3d55	add key.public-key-from-string to get public key from String	2013-07-25 21:48:27 +09:00
liquidz	87e0f0ca06	update	2013-05-06 01:29:00 +09:00
liquidz	a8f960ac45	update README	2013-05-06 01:27:03 +09:00
liquidz	a17f6f3623	support ECDSA algorithm	2013-05-06 01:26:11 +09:00
liquidz	858be1122b	fix clj-jwt.rsa.key-test	2013-05-03 13:31:03 +09:00
Masashi Iizuka	0d20e1c449	Update README.md	2013-05-03 01:15:27 +09:00
Masashi Iizuka	d55c6bf981	Update README.md	2013-05-03 01:04:34 +09:00
liquidz	4c9877d3d5	add .travis.yml	2013-05-03 01:01:34 +09:00
liquidz	6bcc5e5ccd	rename namespace	2013-05-03 00:52:40 +09:00
liquidz	1fd4ad1569	add key tests	2013-05-03 00:47:25 +09:00
liquidz	6c5d5f3b88	add rsa.key tests. update base64 encode/decode functions	2013-05-01 23:56:20 +09:00
liquidz	64e928925b	add verify, update jwt.rsa.key to handle pass phrase	2013-05-01 09:42:50 +09:00
liquidz	b6c6a2403d	add str->jwt	2013-04-29 23:46:25 +09:00
liquidz	3a11c2cff5	first commit	2013-04-29 22:24:41 +09:00

19 commits