Because there's no `default:` branch erroring out, I could smuggle any valid JSON there, like `true`, `false`, `null`, any number or an object.
They'll simply be discarded.
I don't know if there are security implications; there might not be, because the header and payload are signed by the issuer, and any tampering would get detected. But since I can't say for 100% that it's a non-issue, I'd feel more comfortable rejecting the data that would otherwise get discarded.
WDYT?
jwt/claims.go, line 69 in 1639fcf
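The difference between the two behaviours discussed above, as an added example that is not part of the original post and not the project's code. It assumes a claim that may be a JSON string or an array of strings; `decodeStringOrList` and its `strict` flag are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// decodeStringOrList decodes a claim that may be a JSON string or an array of
// strings. With strict=false it mirrors the pattern described above (no
// default branch: other JSON types are silently dropped); with strict=true
// every unexpected type is an error.
func decodeStringOrList(raw []byte, strict bool) ([]string, error) {
	var v interface{}
	if err := json.Unmarshal(raw, &v); err != nil {
		return nil, err
	}
	var out []string
	switch t := v.(type) {
	case string:
		out = append(out, t)
	case []interface{}:
		for i, e := range t {
			s, ok := e.(string)
			if !ok && strict {
				return nil, fmt.Errorf("element %d: want string, got %T", i, e)
			}
			if ok {
				out = append(out, s)
			}
		}
	default:
		if strict {
			return nil, fmt.Errorf("want string or array of strings, got %T", v)
		}
	}
	return out, nil
}

func main() {
	// Constructed sample claim values, not taken from the project.
	for _, in := range []string{`"api"`, `["a","b"]`, `true`, `null`, `42`, `{"x":1}`, `["a",7]`} {
		lenient, _ := decodeStringOrList([]byte(in), false)
		_, err := decodeStringOrList([]byte(in), true)
		fmt.Printf("%-10s lenient=%v strictErr=%v\n", in, lenient, err)
	}
}
```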