I am facing an issue while validating an Okta token using JWTTokenValidator.
For example, the token is:
Case 1:
If I change the last character here to one greater than 'g', i.e. 'h' onwards up to 'z', then JWT validation succeeds (i.e. an unexpected result).
Case 2:
If I change the last character to one less than 'g', i.e. 'a' to 'f', then JWT validation fails (i.e. correct validation).
Using Okta JWT verifier version: 0.5.0
In case 1, the padding length is the same for both the local value and the token, so it gets through the check and is validated.
In case 2, the padding length is the same for both the local value and the token, so it gets through the check, but validation fails and an exception is thrown.
Possible solutions tried:
b. JWT token decoding even when the last character of the signature is changed
Questions raised for the above solution (b):
This solution suggests that it is algorithm specific.
– If this is algorithm specific, then how can we finalize the algorithm to be used, and will the arrival of a new algorithm in future impact our algorithm?
– Why is this not generic?
Validation should fail for both case 1 and case 2, i.e. if I replace any character in the token it should fail the validation.
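The behaviour described in the post is a property of base64url, not of any one signature algorithm: the signature's byte length is rarely a multiple of 3, so the final base64url character carries a few unused trailing bits, and a lenient decoder silently discards them. Every character that differs from the original only in those discarded bits decodes to the same signature bytes, so the verifier sees an unchanged signature and accepts the token. The fix on the verifier side is to decode the signature canonically (re-encode the decoded bytes and require an exact match) before comparing it. The script below is an added example written for this answer; it is not code from the original post or from the Okta JWT verifier. It uses an HMAC-SHA256 (HS256) signature with a constructed key and claims purely so it can run offline (an assumption standing in for the RS256 tokens Okta issues; the trailing-bits effect is the same for any algorithm, only the number of affected characters changes with the signature length).

```python
import base64
import hashlib
import hmac
import json
import string

# Constructed demo key and claims (not from the original post).
KEY = b"demo-shared-secret-not-for-production"
HEADER = {"alg": "HS256", "typ": "JWT"}
PAYLOAD = {"sub": "user@example.com", "iss": "https://issuer.example"}

B64URL_ALPHABET = (
    string.ascii_uppercase + string.ascii_lowercase + string.digits + "-_"
)


def b64url_encode(raw: bytes) -> str:
    """Canonical base64url without '=' padding, as JWS requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode_lenient(text: str) -> bytes:
    """Typical decoder: restores '=' padding and silently drops the unused
    trailing bits of the final character (this is what lets case 1 pass)."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_decode_strict(text: str) -> bytes:
    """Canonical-only decoder: the decoded bytes must re-encode to exactly
    the input, so non-zero trailing bits (or stray padding) are rejected."""
    raw = b64url_decode_lenient(text)
    if b64url_encode(raw) != text:
        raise ValueError("non-canonical base64url encoding")
    return raw


def _json_b64(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def make_token(header: dict, payload: dict, key: bytes) -> str:
    """Build a compact JWS (header.payload.signature) signed with HS256."""
    signing_input = _json_b64(header) + "." + _json_b64(payload)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def _split(token: str):
    header_b64, payload_b64, sig_b64 = token.split(".")
    return (header_b64 + "." + payload_b64).encode(), sig_b64


def verify_lenient(token: str, key: bytes) -> bool:
    """Verifier that decodes the signature leniently: accepts any last
    character whose discarded bits are the only difference."""
    signing_input, sig_b64 = _split(token)
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(b64url_decode_lenient(sig_b64), expected)


def verify_strict(token: str, key: bytes) -> bool:
    """Verifier that insists on a canonical signature encoding, so any
    change to any character of the signature fails validation."""
    signing_input, sig_b64 = _split(token)
    try:
        sig = b64url_decode_strict(sig_b64)
    except ValueError:
        return False
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)


def accepted_last_chars(token: str, key: bytes, verifier) -> set:
    """Replace the signature's last character with every alphabet character
    and report which variants the given verifier still accepts."""
    return {c for c in B64URL_ALPHABET if verifier(token[:-1] + c, key)}


if __name__ == "__main__":
    token = make_token(HEADER, PAYLOAD, KEY)
    print("original last char:", token[-1])
    print("lenient accepts:", sorted(accepted_last_chars(token, KEY, verify_lenient)))
    print("strict accepts:  ", sorted(accepted_last_chars(token, KEY, verify_strict)))
```

With a 32-byte HS256 MAC the signature is 43 characters (258 bits), so the last character has 2 unused bits and the lenient verifier accepts four different last characters; with a 256-byte RS256 signature (342 characters, 4 unused bits) it would accept sixteen, which matches the "from 'g' onwards" range in the post. The strict verifier accepts exactly the original character in both cases, which is the generic, algorithm-independent behaviour the post is asking for.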