]> git.immae.eu Git - github/shaarli/Shaarli.git/commit
API: fix JWT signature verification 739/head
authorVirtualTam <virtualtam@flibidi.net>
Wed, 4 Jan 2017 10:41:05 +0000 (11:41 +0100)
committerVirtualTam <virtualtam@flibidi.net>
Wed, 4 Jan 2017 15:59:47 +0000 (16:59 +0100)
commit7a9daac56dc64ec1ddb12adece3e1a8f71778cc7
treeb92c37792e7af48e1da36686f1d722aaffb90a06
parentfc11ab2f290a3712b766d78fdbcd354625a35d0a
API: fix JWT signature verification

Fixes https://github.com/shaarli/Shaarli/issues/737

Added:
- Base64Url utilities

Fixed:
- use URL-safe Base64 encoding/decoding functions
- use byte representations for HMAC digests
- all JWT parts are Base64Url-encoded

See:
- https://en.wikipedia.org/wiki/JSON_Web_Token
- https://tools.ietf.org/html/rfc7519
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- https://jwt.io/introduction/
- https://en.wikipedia.org/wiki/Base64#URL_applications
- https://secure.php.net/manual/en/function.base64-encode.php#103849

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
application/Base64Url.php [new file with mode: 0644]
application/api/ApiUtils.php
composer.json
tests/api/ApiUtilsTest.php