Hello everybody,
today I noticed that some of my customer’s StoreKit 2 JWTs wouldn’t be verifiably on my server via a Swift JWT library.
However, when pasting the same JWT in jwt.io it would verify successfully. However, further investigation showed that the certificate that jwt.io displays in the “Verify Signature” section is in fact expired.
So the question is: Does jwt.io report false positive or is it in fact correct to not verify the certificate expiration date when validating JWT with X5C?
3 posts - 3 participants