Validate RSA signed JWT tokens

The default behavior of the tool should be to validate JWT tokens that are signed with RSA. The initial implementation will not validate HSxxx (HMAC shared secret) tokens nor other public key signatures besides RSA. These can be supported later.

The validation procedure will adhere to the following rules:

* validate RSA signature using the key from the JWKS endpoint
* validate `iss`, `nbf`, `iat` and `exp` claims


## recommended guidelines 

* https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/10-Testing_JSON_Web_Tokens
* ID Token validation https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Validate RSA signed JWT tokens #20

recommended guidelines

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Validate RSA signed JWT tokens #20

Description

recommended guidelines

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions