jwt-cli icon indicating copy to clipboard operation
jwt-cli copied to clipboard

Published 20 hours ago verified publisher icon mike-engel

feat: Require list of expected algorithms when secret/publicKey is given

Open codedust opened this issue 4 years ago • 1 comments

Summary

Instead of allowing only one single algorithm during signature validation, one can now specify a comma-separated list of algorithms using the --algs command line parameter.

In order to encourage users to be aware of the choice of algorithms and safely define a subset of the supported algorithms, the --algs parameter is now required when the -S parameter is set.

Preflight checklist

  • [x] Code formatted with rustfmt
  • [x] Relevant tests added
  • [x] Any new documentation added (documentation of command line parameters has been updated)

Closes #134.

codedust avatar Jul 11 '21 14:07 codedust

Rebased to main

codedust avatar Jul 31 '21 13:07 codedust