Ray McDermott
Ray McDermott
Correct. I need to check again now that you have 2.2.0 released but this is what I did to get it working before that ... https://gist.github.com/raymcdermott/bad0a3c8cc683db5ddcaafcb7cfb91f2
Perhaps I misunderstand. The JWT is structured such that the `iss` property is in the payload not the header. I take your point about not trusting it until it's verified...
+1 on the one step decode
Sadly x5u is optional and not provided by auth0
The flow I use supports verifying signed JWTs from known providers (via their TLDs / .well-known endpoints) over TLS. The variation that is supported for auth0 and other such multi-tenant...
In the case of auth0 I can't see a way to add that to the header. All of their libs (I have looked at node, java and ruby) work on...
excellent... I propose that I make a PR based on 2.2.0
quick question ... I use the aleph HTTP client. We would need to add that as a dependency. How do you feel about that?
Thanks. I understand the issue but want the client and server to be managed separately. It turns out to only be a dev issue. I do all the comms over...
Oops - I have a work around with [:input ... ] and http-fx Maybe that's just 'the answer'?