rudi-eero changed the title from "RFC-spec algorithm claims in header result in not-supported failures" to "RFC-spec algorithm claims in header result in failures" on Apr 3, 2024
@rudi-eero, thanks for raising this issue and the PR.
I went through the PR #15 and have added a comment to make it backward compatible. Otherwise the changes look good to me. As a follow-up, we can also add similar RFC compliance alg and enc name support for JWE.
Great work introducing this package, thanks for making it available, looking forward to contributing to it!
We're running into an issue where third-party receivers are unable to verify the JWTs produced through the use of this extension due to it requiring the use of KMS algorithm name strings in https://github.com/amzn/nimbus-jose-jwt_aws-kms-extension/blob/main/nimbus-jose-jwt_aws-kms-extension/src/main/java/com/nimbusds/jose/aws/kms/crypto/impl/KmsAsymmetricSigningCryptoProvider.java#L89-L95
This results in a JWT header that looks like:
Downstream verifiers fail because they don't recognize the `alg` value; they're expecting the JWS algorithm names defined in the JWS RFC spec (https://datatracker.ietf.org/doc/html/rfc7518#section-3.1).

Is there any requirement blocking an update that would enable the implementation to accept a spec-compliant algorithm and translate that internally to KMS?
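The translation the issue asks about, as an added sketch that is not part of the original issue and is not the extension's or PR #15's code. The class `JwsKmsAlgorithmNames` and its methods are hypothetical; the JWS names come from RFC 7518 section 3.1 and the KMS names are AWS KMS signing algorithm strings. It accepts either naming scheme as input, so existing callers that pass KMS names keep working.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical helper (not the extension's API): maps RFC 7518 section 3.1
// "alg" names to AWS KMS signing algorithm names and back.
public final class JwsKmsAlgorithmNames {
    private static final Map<String, String> JWS_TO_KMS = new HashMap<>();
    private static final Map<String, String> KMS_TO_JWS = new HashMap<>();

    static {
        // Assumption: the KMS key's curve matches the JWS algorithm
        // (ES256 = P-256, ES384 = P-384, ES512 = P-521); the name alone does not prove it.
        String[][] pairs = {
            {"RS256", "RSASSA_PKCS1_V1_5_SHA_256"}, {"RS384", "RSASSA_PKCS1_V1_5_SHA_384"}, {"RS512", "RSASSA_PKCS1_V1_5_SHA_512"},
            {"PS256", "RSASSA_PSS_SHA_256"}, {"PS384", "RSASSA_PSS_SHA_384"}, {"PS512", "RSASSA_PSS_SHA_512"},
            {"ES256", "ECDSA_SHA_256"}, {"ES384", "ECDSA_SHA_384"}, {"ES512", "ECDSA_SHA_512"},
        };
        for (String[] p : pairs) {
            JWS_TO_KMS.put(p[0], p[1]);
            KMS_TO_JWS.put(p[1], p[0]);
        }
    }

    /** Name to pass to KMS; a KMS name is accepted unchanged for backward compatibility. */
    public static String toKms(String alg) {
        if (KMS_TO_JWS.containsKey(alg)) return alg;
        String kms = JWS_TO_KMS.get(alg);
        if (kms == null) throw new IllegalArgumentException("Unsupported alg: " + alg);
        return kms;
    }

    /** Name to write into the JWS header so third-party verifiers recognize it. */
    public static String toJwsHeader(String alg) {
        if (JWS_TO_KMS.containsKey(alg)) return alg;
        String jws = KMS_TO_JWS.get(alg);
        if (jws == null) throw new IllegalArgumentException("Unsupported alg: " + alg);
        return jws;
    }

    public static void main(String[] args) {
        // Constructed inputs: one RFC name, one legacy KMS name, one ECDSA name.
        for (String configured : new String[] {"PS256", "RSASSA_PSS_SHA_256", "ES384"}) {
            System.out.println(configured + " -> header alg=" + toJwsHeader(configured)
                    + ", KMS algorithm=" + toKms(configured));
        }
    }
}
```

Renaming `alg` only fixes header recognition: for the ES* algorithms, RFC 7518 section 3.4 also requires the signature as the R||S concatenation, whereas KMS returns ECDSA signatures DER-encoded.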