Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
agwa
6d ago
0 comments
Save
Share
You would think so, but even an
authentication
company screwed it up:
https://cybercx.co.nz/blog/json-web-token-validation-bypass-...
0 comments
2 comments · 2 top-level
top
newest
oldest
userbinator
6d ago
Clearly trying to be too general. I wrote a tiny JWT validator before that only allows a very small subset of algorithms because I wasn't expecting the JWTs it would handle to have anything else, and obviously not "none".
y2244
6d ago
Wow lol
j
/
k
navigate · click thread line to collapse
