Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A JWT configured to be signed using the ES512 algorithm may have an invalid signature #2661

Closed
robotdan opened this issue Feb 28, 2024 · 2 comments
Closed

A JWT configured to be signed using the ES512 algorithm may have an invalid signature #2661

robotdan opened this issue Feb 28, 2024 · 2 comments
Assignees
@robotdan @spwitt
Labels
bug Something isn't working
Milestone
1.49.0

Comments

@robotdan
Copy link
Member

A JWT configured to be signed using the ES512 algorithm may have an invalid signature

Description

It is possible that when using the ES512 algorithm to sign a JWT, the signature may not be valid.

Observed versions

1.48.0

Affects versions

>= 1.4.0. We introduced Elliptic Curve support in version 1.4.0.

Steps to reproduce

  1. Sign a JWT using ES512
  2. Verify the signature

In testing, one out of every 1-2k signatures may be invalid.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Additional context

Add any other context about the problem here.
@robotdan
Copy link
Member Author

Internal:

@robotdan robotdan added the bug Something isn't working label Feb 28, 2024
@robotdan robotdan added this to the 1.49.0 milestone Feb 28, 2024
This was referenced Feb 28, 2024
Merged
Closed
@robotdan
Copy link
Member Author

robotdan commented Feb 29, 2024
edited
Loading

Need to update to fusionauth-jwt version 5.3.2 from 5.2.4 to pick up this fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@robotdan robotdan

@spwitt spwitt

Labels
bug Something isn't working
Projects
FusionAuth Issues
Status: Delivered
Milestone
1.49.0
Development

No branches or pull requests
3 participants
@robotdan @spwitt @andrewpai