Unsecured JWT without signature not include last dot separator
Original Reporter info from Mantis: zamronypj @zamronypj
-
Reporter name: Zamrony P. Juhara
Original Reporter info from Mantis: zamronypj @zamronypj
- Reporter name: Zamrony P. Juhara
Description:
JWT specification for unsecured JWT with empty signature must include last dot separator
https://tools.ietf.org/html/rfc7519#section-6.1
However in fpjwt.pp
function TJWT.GetAsString: TJSONStringType;
begin
Result:=Base64ToBase64URL(EncodeStringBase64(JOSE.AsString));
Result:=Result+'.'+Base64ToBase64URL(EncodeStringBase64(Claims.AsString));
If (Signature<>'') then
Result:=Result+'.'+Signature;
end;
If signature empty, dot character will not be included.
Mantis conversion info:
- Mantis ID: 37830
- Fixed in version: 3.3.1
- Fixed in revision: 46984 (#b9158ed3)
- Target version: 3.2.2