I have this service which is responsible for creating and verifying JWS tokens in my project.
@Service
public class TokenService {
private static final KeyPair KEY_PAIR = Keys.keyPairFor(SignatureAlgorithm.RS256);
public String create(String subject) {
return Jwts.builder().setSubject(subject).signWith(KEY_PAIR.getPrivate()).compact();
}
public Jws<Claims> verify(String token) {
return Jwts.parserBuilder().setSigningKey(KEY_PAIR.getPublic()).build().parseClaimsJws(token);
}
}
How can I verify that the create
method returns the correct token for a given subject when I don't know what the private key it uses is?
Aucun commentaire:
Enregistrer un commentaire