[OAUTH-WG] JWS encoding Appendix A

Antonio Sanso <asanso@adobe.com> Wed, 05 June 2013 13:27 UTC

Return-Path: <asanso@adobe.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 47EDB21F9AAD for <oauth@ietfa.amsl.com>; Wed, 5 Jun 2013 06:27:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.595
X-Spam-Status: No, score=-4.595 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, TRACKER_ID=2.003]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id pP4eCPQvdwFB for <oauth@ietfa.amsl.com>; Wed, 5 Jun 2013 06:27:27 -0700 (PDT)
Received: from exprod6og109.obsmtp.com (exprod6og109.obsmtp.com []) by ietfa.amsl.com (Postfix) with ESMTP id 9D24221F9A82 for <oauth@ietf.org>; Wed, 5 Jun 2013 06:27:25 -0700 (PDT)
Received: from outbound-smtp-2.corp.adobe.com ([]) by exprod6ob109.postini.com ([]) with SMTP ID DSNKUa88vcbszM/eORbEewC9jPMAqdzLPVFS@postini.com; Wed, 05 Jun 2013 06:27:26 PDT
Received: from inner-relay-1.corp.adobe.com (inner-relay-1.corp.adobe.com []) by outbound-smtp-2.corp.adobe.com (8.12.10/8.12.10) with ESMTP id r55DRNAI016155 for <oauth@ietf.org>; Wed, 5 Jun 2013 06:27:24 -0700 (PDT)
Received: from nacas01.corp.adobe.com (nacas01.corp.adobe.com []) by inner-relay-1.corp.adobe.com (8.12.10/8.12.10) with ESMTP id r55DRN6A028102 for <oauth@ietf.org>; Wed, 5 Jun 2013 06:27:23 -0700 (PDT)
Received: from eurhub01.eur.adobe.com ( by nacas01.corp.adobe.com ( with Microsoft SMTP Server (TLS) id; Wed, 5 Jun 2013 06:27:22 -0700
Received: from eurmbx01.eur.adobe.com ([]) by eurhub01.eur.adobe.com ([]) with mapi; Wed, 5 Jun 2013 14:27:21 +0100
From: Antonio Sanso <asanso@adobe.com>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Date: Wed, 5 Jun 2013 14:27:16 +0100
Thread-Topic: JWS encoding Appendix A
Thread-Index: Ac5h8Gf6B9cMsXqnS4iUMhrVweZ0wg==
Message-ID: <2481701B-912B-4B5B-821C-D86721A4C4C6@adobe.com>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_2481701B912B4B5B821CD86721A4C4C6adobecom_"
MIME-Version: 1.0
Subject: [OAUTH-WG] JWS encoding Appendix A
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jun 2013 13:27:32 -0000

Hi *,

while testing my encoding routine against JWS I spot a difference between my encoding and the one in the spec.

More specifically I am referring to Appendix A.1.1 [0] of the JWS spec.
Now it could easily be that the library I wrote is wrong but it works fine with the encoding in the JWT spec for example.
If somebody would like to give a look just for the record the encoding for the header in the spec looks like \


while for me would look like


Same for the payload, spec


my library


Now the difference is probably given from the fact I did not take care in consideration carriage return in my input.
I am on a huge JSON expert but what is the correct way to handle it?



[0] http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-11#appendix-A.1