MyShaarli

Knah-Tsaeb/MyShaarli

Fork 0

Commit graph

Author	SHA1	Message	Date
VirtualTam	f211e417bf	lint: apply phpcbf to application/ Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-12-02 22:39:16 +01:00
VirtualTam	7a9daac56d	API: fix JWT signature verification Fixes https://github.com/shaarli/Shaarli/issues/737 Added: - Base64Url utilities Fixed: - use URL-safe Base64 encoding/decoding functions - use byte representations for HMAC digests - all JWT parts are Base64Url-encoded See: - https://en.wikipedia.org/wiki/JSON_Web_Token - https://tools.ietf.org/html/rfc7519 - https://scotch.io/tutorials/the-anatomy-of-a-json-web-token - https://jwt.io/introduction/ - https://en.wikipedia.org/wiki/Base64#URL_applications - https://secure.php.net/manual/en/function.base64-encode.php#103849 Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2017-01-04 16:59:47 +01:00

Author

SHA1

Message

Date

VirtualTam

f211e417bf

lint: apply phpcbf to application/

Signed-off-by: VirtualTam <virtualtam@flibidi.net>

2018-12-02 22:39:16 +01:00

VirtualTam

7a9daac56d

API: fix JWT signature verification

Fixes https://github.com/shaarli/Shaarli/issues/737

Added:
- Base64Url utilities

Fixed:
- use URL-safe Base64 encoding/decoding functions
- use byte representations for HMAC digests
- all JWT parts are Base64Url-encoded

See:
- https://en.wikipedia.org/wiki/JSON_Web_Token
- https://tools.ietf.org/html/rfc7519
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- https://jwt.io/introduction/
- https://en.wikipedia.org/wiki/Base64#URL_applications
- https://secure.php.net/manual/en/function.base64-encode.php#103849

Signed-off-by: VirtualTam <virtualtam@flibidi.net>

2017-01-04 16:59:47 +01:00

2 commits