Site icon API Security Blog

JJWT improperly generates signing keys

JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilderā€¦Read More

Exit mobile version