Use strict JWT part decoding and redacted errors #359

Open

fhwvtqdc2q-svg wants to merge 4 commits into auth0:master from fhwvtqdc2q-svg:codex/strict-jwt-errors

@fhwvtqdc2q-svg

Summary

  • reject JWT Base64URL parts with unexpected characters instead of ignoring them
  • avoid echoing JWT strings or encoded JWT parts in error descriptions
  • add tests for strict decoding and redacted error descriptions

Validation

  • Not run locally: Swift toolchain is not installed on this Windows machine.
  • Local checkout note: generated docs contain Windows-invalid paths, so the source was inspected from an archive excluding docs.

fhwvtqdc2q-svg requested a review from a team as a code owner May 16, 2026 05:26
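
One way to implement the two behaviours listed in the summary above, as an added example in Swift; it is not code from this pull request or from the auth0 project. `StrictJWTError`, `strictBase64URLDecode` and `decodeJWTParts` are hypothetical names, and the example assumes the lenient behaviour being replaced corresponds to Foundation's `.ignoreUnknownCharacters` decoding option.

```swift
import Foundation

// Hypothetical error type: it reports positions and lengths only, never token text.
enum StrictJWTError: Error, CustomStringConvertible {
    case wrongPartCount(Int)
    case invalidBase64URL(part: Int, length: Int)

    var description: String {
        switch self {
        case .wrongPartCount(let count):
            return "Malformed JWT: expected 3 parts, found \(count)"
        case .invalidBase64URL(let part, let length):
            return "Malformed JWT: part \(part) (\(length) characters) is not valid Base64URL"
        }
    }
}

// Base64URL alphabet (RFC 4648, section 5); JWT parts carry no "=" padding.
private let base64URLAlphabet = CharacterSet(charactersIn:
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")

func strictBase64URLDecode(_ value: String, part: Int) throws -> Data {
    let failure = StrictJWTError.invalidBase64URL(part: part, length: value.count)
    // Reject out-of-alphabet characters and impossible lengths before decoding.
    guard value.unicodeScalars.allSatisfy(base64URLAlphabet.contains),
          value.count % 4 != 1 else { throw failure }
    var base64 = value.replacingOccurrences(of: "-", with: "+")
        .replacingOccurrences(of: "_", with: "/")
    base64 += String(repeating: "=", count: (4 - base64.count % 4) % 4)
    // Empty options: no .ignoreUnknownCharacters, so invalid input yields nil.
    guard let data = Data(base64Encoded: base64, options: []) else { throw failure }
    return data
}

func decodeJWTParts(_ jwt: String) throws -> [Data] {
    let parts = jwt.split(separator: ".", omittingEmptySubsequences: false)
    guard parts.count == 3 else { throw StrictJWTError.wrongPartCount(parts.count) }
    return try parts.enumerated().map { index, part in
        try strictBase64URLDecode(String(part), part: index)
    }
}

// Constructed sample token with a space smuggled into the payload part.
do {
    _ = try decodeJWTParts("eyJhbGciOiJIUzI1NiJ9.eyJzdWIi OiIxIn0.c2ln")
} catch {
    print(error) // describes part index and length, not the token
}
```

Keeping the token out of the error value itself, rather than only out of `description`, means it also stays out of logs and crash reports that dump the whole error.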
@NandanPrabhu
Contributor

Hi @fhwvtqdc2q-svg, thanks for raising the PR. We will check this.
