This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

RFC 7515 -> Appendix F (Detached Content)

Posted on 09-26-2020 12:19 PM
API-Evangelist
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

@Dino-at-Google

Need assistance with detached jws signature for open banking using PS256 alg.

https://openbankinguk.github.io/read-write-api-site3/v3.1.6/profiles/read-write-data-api-profile.htm...

x-jws-signature -> Able to detach content but having challenges in verification.

Ref:

https://medium.com/syntaxa-tech-blog/open-banking-message-signing-b4ab4f7f92d1

https://medium.com/syntaxa-tech-blog/more-open-banking-message-signing-fe461f0a627d

It is extended from the original code to implement the feature..

https://github.com/apigee/iloveapis2015-jwt-jwe-jws/tree/master/jwt_signed

Not sure what is making it unhappy to validate the signature(key is valid,sign -not sure (both are base64 encoded while creation/validation ,crit headers seems to be deferred while validation but why? not sure)

Observation is bitStringKey(BitArray) & SigningInputString values differ..Do they need to match? Unable to figure out at the moment and looking for guidance.

Is it possible to open a case #? or if you have access to my org vinnumca-trial -> GeneratJWT_rev26_2020_09_04 (rev2)

Looking forward for thoughts.

0 8 862
Topic Labels
0 Likes
8 REPLIES 8
Top Solution Authors
View all