diff --git a/src/jose/mod.rs b/src/jose/mod.rs index 2e73472..680f490 100644 --- a/src/jose/mod.rs +++ b/src/jose/mod.rs @@ -336,6 +336,12 @@ where map.extend(parameters); Ok(map.into()) } + + /// The JOSE header value, serialized into compact form, used for signing. + + pub(crate) fn message(&self) -> Result { + Base64JSON(&self).serialized_value() + } } #[cfg(feature = "fmt")] diff --git a/src/token/mod.rs b/src/token/mod.rs index 1cdaf61..19d35a6 100644 --- a/src/token/mod.rs +++ b/src/token/mod.rs @@ -463,10 +463,9 @@ specified by constraining the type of `key` when calling [`Token::sign`]. S: SignatureEncoding, { let header = self.state.header.into_signed_header(algorithm)?; - let headers = Base64JSON(&header).serialized_value()?; let payload = self.payload.serialized_value()?; let signature = algorithm - .try_sign_token(&headers, &payload) + .try_sign_token(&header.message()?, &payload) .map_err(TokenSigningError::Signing)?; Ok(Token { payload: self.payload, @@ -492,10 +491,9 @@ specified by constraining the type of `key` when calling [`Token::sign`]. S: SignatureEncoding, { let header = self.state.header.into_signed_header(algorithm)?; - let headers = Base64JSON(&header).serialized_value()?; let payload = self.payload.serialized_value()?; let signature = algorithm - .try_sign_token(&headers, &payload, rng) + .try_sign_token(&header.message()?, &payload, rng) .map_err(TokenSigningError::Signing)?; Ok(Token { payload: self.payload,