diff options
author | VirtualTam <virtualtam@flibidi.net> | 2017-01-04 11:41:05 +0100 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2017-01-04 16:59:47 +0100 |
commit | 7a9daac56dc64ec1ddb12adece3e1a8f71778cc7 (patch) | |
tree | b92c37792e7af48e1da36686f1d722aaffb90a06 /tmp/.htaccess | |
parent | fc11ab2f290a3712b766d78fdbcd354625a35d0a (diff) | |
download | Shaarli-7a9daac56dc64ec1ddb12adece3e1a8f71778cc7.tar.gz Shaarli-7a9daac56dc64ec1ddb12adece3e1a8f71778cc7.tar.zst Shaarli-7a9daac56dc64ec1ddb12adece3e1a8f71778cc7.zip |
API: fix JWT signature verification
Fixes https://github.com/shaarli/Shaarli/issues/737
Added:
- Base64Url utilities
Fixed:
- use URL-safe Base64 encoding/decoding functions
- use byte representations for HMAC digests
- all JWT parts are Base64Url-encoded
See:
- https://en.wikipedia.org/wiki/JSON_Web_Token
- https://tools.ietf.org/html/rfc7519
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- https://jwt.io/introduction/
- https://en.wikipedia.org/wiki/Base64#URL_applications
- https://secure.php.net/manual/en/function.base64-encode.php#103849
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'tmp/.htaccess')
0 files changed, 0 insertions, 0 deletions