Merge pull request #737 from SamWhited/jwt_signing_none_check

Check for "none" alg in JWT signing
Paweł Domas 2016-08-01 08:33:08 -05:00 committed by GitHub
commit 0ea5175354
1 changed files with 5 additions and 0 deletions


@ -21,6 +21,11 @@ local function _verify_token(token, appId, appSecret, roomName, disableRoomNameC
return nil, err;
end
local alg = claims["alg"];
if alg ~= nil and (alg == "none" or alg == "") then
return nil, "'alg' claim must not be empty";
end
local issClaim = claims["iss"];
if issClaim == nil then
return nil, "'iss' claim is missing";
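Review bot: The added check reads `alg` from `claims`, but a JWT carries its algorithm in the JOSE header rather than the payload, so if `claims` is the decoded payload (where it comes from is outside the hunk) a token whose header names `none` is not rejected here. The test is also a case-sensitive denylist that lets a missing value through (`alg ~= nil and ...`), so spellings such as `None` pass; comparing the header's value against the one algorithm the deployment signs with is safer, e.g. `if alg ~= expected_alg then return nil, "'alg' is not allowed"; end`, where `expected_alg` is a placeholder for that configured value. The message `'alg' claim must not be empty` is also returned when the value is `none`, which will mislead anyone reading the log. `_verify_token` starts and ends outside the hunk.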