JWT detection
FranklinYu opened this issue · 2 comments
FranklinYu commented
Currently if header has Authorization: Bearer it would say "JWT detected" (I believe the logic is here), but RFC 6750 doesn't require Bearer Token to be JWT (for example some Google API doesn't use JWT as Bearer Token). It might be better to label the request as "JWT detected" only when Bearer Token is valid JWT.
ozzi- commented
This should fix the issue, please confirm
https://github.com/mvetsch/JWT4B/blob/2420fb13ca489bbb3f08a8a537f6e906f644fbf1/src/app/tokenposition/AuthorizationBearerHeader.java#L33
Built version with fix:
jwt4b.jar.zip
FranklinYu commented
Works great! Thank a lot man