JWT algorithm specification

[natefrechette]

As per the recent JWT vulnerability concerns, (https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/), I was looking into the JsonWebToken.validate() method in this library and was interesting in forking off and adding an algorithm parameter to the validate method to avoid this recent vulnerability of being able to specify your own encryption algorithm. I will work on this today, and would appreciate any feedback if any.

Nate

[jasongoodwin]

Hey Nate - ya fork and send a pull request - I'll gladly have a look and
appreciate the efforts!
On Jul 13, 2015 11:44 AM, "Nate Frechette" notifications@github.com wrote:

As per the recent JWT vulnerability concerns, (
https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/),
I was looking into the JsonWebToken.validate() method in this library and
was interesting in forking off and adding an algorithm parameter to the
validate method to avoid this recent vulnerability of being able to specify
your own encryption algorithm. I will work on this today, and would
appreciate any feedback if any.

Nate

—
Reply to this email directly or view it on GitHub
#15.

[dmeenhuis]

Just an update here, because I ran into something similar since we're using this library in our project as well. Although I feel the API of validate could be more explicit in also requiring an algorithm parameter, from what I can tell the mentioned vulnerability is not exploitable here.

Generating a token with none as the algorithm, results in a JWT string without the signature part. Calling validate on such a token string always results in false, since the validate expects a token with format header.claims.signature; anything else is rejected.

Manually appending a signature doesn't seem to bypass this either. In case of algorithm none, the validate function generates an empty signature which is then compared to the provided signature, which won't match.

[jasongoodwin]

I'm removing the validate in future versions (1.0.0) as I'm implementing RSA. The user must produce the verifier explicitly then to deal with this.

Thanks for looking at this again.