API Connect

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

JWT token signature stripping

Nitish SinhaTue December 26, 2023 05:50 AM

Hi, There is a standard JWT API implementation which generates token based on HS256 algorithm. The ...

Nitish SinhaWed December 27, 2023 03:48 AM

Hi, It was figured out that the test conducted was incorrect. Therefore this error seems not valid ...

1. JWT token signature stripping

Like
Nitish Sinha
Posted Tue December 26, 2023 05:50 AM

Reply
Hi,

There is a standard JWT API implementation which generates token based on HS256 algorithm. The problem is that the same token validates well even without signature part. That means when we strip the signature part from the token, it still authorizes the API call. Kindly suggest how to fix the problem. Thanks in advance.

------------------------------
Nitish Sinha
------------------------------
2. RE: JWT token signature stripping

Like
Nitish Sinha
Posted Wed December 27, 2023 03:48 AM

Reply
Hi,

It was figured out that the test conducted was incorrect. Therefore this error seems not valid one. Hence withdrawing the discussion.

------------------------------
Nitish Sinha
------------------------------

Original Message

API Connect

API Connect

JWT token signature stripping

Nitish SinhaTue December 26, 2023 05:50 AM

Nitish SinhaWed December 27, 2023 03:48 AM

1. JWT token signature stripping

2. RE: JWT token signature stripping

Additional
Resources

Office

Quick Links

API Connect

API Connect

JWT token signature stripping

Nitish SinhaTue December 26, 2023 05:50 AM

Nitish SinhaWed December 27, 2023 03:48 AM

1. JWT token signature stripping

2. RE: JWT token signature stripping

Additional Resources

Office

Quick Links

Additional
Resources