OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9756094ae2
Ghost/ghost/members-api/lib/services
History
Naz 9756094ae2 🐛 Fixed signing key mismatching in JWT/JWKS 
refs https://github.com/TryGhost/Team/issues/1640
closes https://github.com/TryGhost/Members/pull/401/
refs https://forum.ghost.org/t/ghost-jwt-question-possible-bug/30210

- Without `keyid` parameter some of the clien libraries were not able to match the signin key to verify JWT
- Missing `keyid` parameter allows to indicate the key used to secure JWS (as per https://www.rfc-editor.org/rfc/rfc7515#section-4.1.4) and resolves the automatic matching issue on the client.
- The `kid` parameter was left in claims to avoid accidental breaking changes.
2022-05-23 18:45:08 +08:00
..
geolocation.js Moved code out of index.js in directories 2021-07-14 14:17:38 +01:00
member-bread.js Ignored last_seen_at in BREAD service 2022-05-02 19:09:47 +01:00
token.js 🐛 Fixed signing key mismatching in JWT/JWKS 2022-05-23 18:45:08 +08:00