authentikat-jwt

JWT Scala Implementation - Claims based auth for Scala.

Results 10 authentikat-jwt issues

Maven repo page: [here](https://mvnrepository.com/artifact/com.jason-goodwin/authentikat-jwt). CVE report: [here](https://nvd.nist.gov/vuln/detail/CVE-2017-18239). Please cut a new release as soon as possible to protect your users.

- upgrade Scala 2.13 and sbt 1.4.4

Trying to parse the JWT with Scala 2.12.12 fails. The following snippet will return `false` on validation:

```scala
val jwt = JsonWebToken(JwtHeader("HS256"), JwtClaimsSet(Map.empty[String, String]), "test")
JsonWebToken.validate(jwt, "test")
```

There appears...

Hi! I'm reaching out because I see you are on the search for a maintainer for this project. We utilize this dependency in our projects over here at SignalPath and...

This implementation is insecure; specifically, the verification step can be circumvented easily. Because you use the algorithm specified in the header to verify, an attacker could just send you a...

In the case where the public key is looked up from a map of `kid -> publicKeys`, is it possible to parse the `kid` from the Jwt Header for that...

Is it possible to create an RSA signature using SHA-256 hashing algorithm? As this is the only one supported by the [Google App Engine](https://developers.google.com/accounts/docs/OAuth2ServiceAccount) for authentication.

enhancement

Right now, at least for HMac, the `String` key is converted to `Array[Byte]` (https://github.com/jasongoodwin/authentikat-jwt/blob/master/src/main/scala/authentikat/jwt/JsonWebSignature.scala#L47) using `String.asBytes` (http://docs.oracle.com/javase/8/docs/api/java/lang/String.html#getBytes--). This is kind of confusing, and unless I'm missing something is platform-dependent and...

As per the recent JWT vulnerability concerns (https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/), I was looking into the JsonWebToken.validate() method in this library and was interested in forking off and adding an algorithm parameter to...

enhancement