You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As stated in RFC-7797 JSON Web Signature (JWS) Unencoded Payload Option,
For interoperability reasons, JSON Web Tokens [JWT] MUST NOT use
"b64" with a "false" value.
This means that the this spec must be updated to mention that token with b65=false header must be rejected and a TCK test is needed to confirm an implementation handles it correctly.
The text was updated successfully, but these errors were encountered:
I'm not sure MP JWT spec needs to focus on this property as it also involves the use of the crit header, https://www.rfc-editor.org/rfc/rfc7797#section-6, and it just can make it tricky to deal with; but please investigate if you'd like.
As stated in RFC-7797 JSON Web Signature (JWS) Unencoded Payload Option,
This means that the this spec must be updated to mention that token with
b65=false
header must be rejected and a TCK test is needed to confirm an implementation handles it correctly.The text was updated successfully, but these errors were encountered: