JWT: looks that buy as Tom also works with alg:none · Issue #1411 · WebGoat/WebGoat · GitHub

Closed
nbaars opened this issue Feb 14, 2023 · 0 comments

nbaars (Collaborator) commented Feb 14, 2023

The lesson is meant to use the refresh token, but as the integration test shows, it can actually also be solved using `none`.

Of course this is not a problem, but it might be good to mention it in the response to the user, e.g. "good thinking, you found an alternative solution..."

nbaars self-assigned this Feb 17, 2023
nbaars added the "waiting for release" (Issue is fix, waiting on new release) label Feb 17, 2023
nbaars added this to the 2023.4 milestone Feb 17, 2023
nbaars closed this as completed Feb 17, 2023