Replies: 1 comment
-
Unfortunately, that function has been removed in 1.1.0, and it was removed for a reason. If you can't upgrade, please send me a PR. I don't intend to actively maintain older versions myself. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
It looks like the KID is not used to locate a JWK and the package simply iterates through all the JWKs in a JWKS and validates the JWT with each JWK.
jwx/jws/jws.go
Line 343 in 3bb9a18
Is this the expected behaviour?
Our system testers have raised the defect as the JWT being validated did not have a "kid" claim in its header that matched any of the KIDs of the JWKs.
Beta Was this translation helpful? Give feedback.
All reactions