Zamicol | 9 months ago

{ "pay": { "msg": "There are also other options.", "alg": "ES256", "iat": 1748248973, "tmb": "9PcBWntvjAktwfiPp8WxgOyQOwc1h6Lo1UnB_gkWXKk", "typ": "cyphr.me/msg/create" }, "sig": "sHyMrykhsta5etjqH1e5oho0EpEs2FrblQ0DFHQo0aMgKd2V__SQ2Fl2EOSKt8wl65iLmKgIaMVEgCmhtvbUcg" }

Verify: https://cozejson.com

Spec: https://github.com/Cyphrme/Coze

francislavoie|9 months ago

I don't like it much; using JSON as the transport has some problems if encoded in a URL as required by many auth flows. Paseto encodes the whole version+payload+signature to make it easier to transport. Of course you could just base64 encode the whole Coze JSON, but that isn't part of the spec, which means the spec is weak.

hirsin|9 months ago

Hm, I wonder how the double sig problem that SAML would run into will work here. What happens if someone adds an extra sig object there?
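
On the duplicate `sig` question above, an added example (not part of the thread and not code from the Coze project): Python's default JSON parser silently keeps the last duplicate member, so a verifier can parse with a hook that rejects duplicates at any nesting level before looking at `pay` or `sig`. The names `parse_strict` and `lenient_sig` and the tampered sample are constructed for illustration.

```python
import json

# The message quoted in the thread, plus a constructed copy with a second
# "sig" member appended (placeholder value, not a real signature).
ORIGINAL = (
    '{"pay":{"msg":"There are also other options.","alg":"ES256",'
    '"iat":1748248973,"tmb":"9PcBWntvjAktwfiPp8WxgOyQOwc1h6Lo1UnB_gkWXKk",'
    '"typ":"cyphr.me/msg/create"},'
    '"sig":"sHyMrykhsta5etjqH1e5oho0EpEs2FrblQ0DFHQo0aMgKd2V__SQ2Fl2EOSKt8wl65iLmKgIaMVEgCmhtvbUcg"}'
)
TAMPERED = ORIGINAL[:-1] + ',"sig":"PLACEHOLDER_SECOND_SIG"}'


class DuplicateKeyError(ValueError):
    """Raised when any JSON object repeats a member name."""


def _no_duplicates(pairs):
    # json calls this hook once per object, nested objects included, with the
    # members in document order, so repeats are visible before they collapse.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise DuplicateKeyError(f"duplicate member {key!r}")
        seen[key] = value
    return seen


def parse_strict(text):
    """Parse a signed JSON message, refusing duplicate members anywhere."""
    obj = json.loads(text, object_pairs_hook=_no_duplicates)
    if not isinstance(obj, dict):
        raise ValueError("top level must be a JSON object")
    return obj


def lenient_sig(text):
    """What the default parser hands a verifier: the last "sig" wins."""
    return json.loads(text)["sig"]


if __name__ == "__main__":
    print("default parser sees sig =", lenient_sig(TAMPERED))
    try:
        parse_strict(TAMPERED)
    except DuplicateKeyError as err:
        print("strict parser rejects:", err)
```

Rejecting at parse time keeps the component that checks the signature and the component that consumes the message from disagreeing about which `sig` or `pay` member is the real one.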