Script updating gh-pages from f6d1a90. [ci skip]

oauth-wg · Nov 27, 2023 · 35eecf6 · 35eecf6
1 parent ab53573
commit 35eecf6
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 50 deletions.
diff --git a/awoie/fix-182/draft-ietf-oauth-sd-jwt-vc.html b/awoie/fix-182/draft-ietf-oauth-sd-jwt-vc.html
@@ -24,13 +24,13 @@
     intervaltree 3.1.0
     Jinja2 3.1.2
     lxml 4.9.3
-    platformdirs 3.11.0
+    platformdirs 4.0.0
     pycountry 22.3.5
     PyYAML 6.0
     requests 2.31.0
     setuptools 67.7.2
     six 1.16.0
-    wcwidth 0.2.9
+    wcwidth 0.2.10
 -->
 <link href="draft-ietf-oauth-sd-jwt-vc.xml" rel="alternate" type="application/rfc+xml">
 <link href="#copyright" rel="license">
@@ -1033,7 +1033,7 @@
 </tr></thead>
 <tfoot><tr>
 <td class="left">Terbu &amp; Fett</td>
-<td class="center">Expires 11 May 2024</td>
+<td class="center">Expires 30 May 2024</td>
 <td class="right">[Page]</td>
 </tr></tfoot>
 </table>
@@ -1046,12 +1046,12 @@
 <dd class="internet-draft">draft-ietf-oauth-sd-jwt-vc-latest</dd>
 <dt class="label-published">Published:</dt>
 <dd class="published">
-<time datetime="2023-11-08" class="published">8 November 2023</time>
+<time datetime="2023-11-27" class="published">27 November 2023</time>
     </dd>
 <dt class="label-intended-status">Intended Status:</dt>
 <dd class="intended-status">Standards Track</dd>
 <dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2024-05-11">11 May 2024</time></dd>
+<dd class="expires"><time datetime="2024-05-30">30 May 2024</time></dd>
 <dt class="label-authors">Authors:</dt>
 <dd class="authors">
 <div class="author">
@@ -1090,7 +1090,7 @@ <h2 id="name-status-of-this-memo">
         time. It is inappropriate to use Internet-Drafts as reference
         material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
 <p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on 11 May 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
+        This Internet-Draft will expire on 30 May 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="copyright">
@@ -1163,7 +1163,7 @@ <h2 id="name-copyright-notice">
                 <p id="section-toc.1-1.3.2.4.1"><a href="#section-3.4" class="auto internal xref">3.4</a>.  <a href="#name-verification-and-processing" class="internal xref">Verification and Processing</a></p>
 </li>
               <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.5">
-                <p id="section-toc.1-1.3.2.5.1"><a href="#section-3.5" class="auto internal xref">3.5</a>.  <a href="#name-obtaining-public-key-for-is" class="internal xref">Obtaining Public Key for Issuer-signed JWTs</a></p>
+                <p id="section-toc.1-1.3.2.5.1"><a href="#section-3.5" class="auto internal xref">3.5</a>.  <a href="#name-issuer-signed-jwt-verificat" class="internal xref">Issuer-signed JWT Verification Key Validation</a></p>
 </li>
             </ul>
 </li>
@@ -1792,9 +1792,9 @@ <h3 id="name-example">
 LmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJj
 bmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4IjogIlRD
 QUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMiLCAieSI6ICJa
-eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.O-bv6
-ACyfcQLx74nv0RpY38pL2usd5CnHzbDExKhq7EpLkd4QCWss1X5U787OLCP_uAQVCPaX
-WfR6MAyInAZdw~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLC
+eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.fmdSJ
+yXaPtiYUa3ChMDTK5kFYNZzvo8Vd5i4bHeKGT0Uu0PIQkVumUeGO0diW0AGcg2i3TnnF
+le86cz07MioRw~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLC
 AiSm9obiJd~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgI
 kRvZSJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VA
 ZXhhbXBsZS5jb20iXQ~WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgInBob25lX251b
@@ -1821,8 +1821,8 @@ <h3 id="name-verification-and-processing">
 <p id="section-3.4-2">If Key Binding is required (refer to the security considerations in Section 11.6 of <span>[<a href="#I-D.ietf-oauth-selective-disclosure-jwt" class="cite xref">I-D.ietf-oauth-selective-disclosure-jwt</a>]</span>), the Verifier MUST verify the Key Binding JWT
 according to Section 8 of <span>[<a href="#I-D.ietf-oauth-selective-disclosure-jwt" class="cite xref">I-D.ietf-oauth-selective-disclosure-jwt</a>]</span>. To verify
 the Key Binding JWT, the <code>cnf</code> claim of the SD-JWT MUST be used.<a href="#section-3.4-2" class="pilcrow">¶</a></p>
-<p id="section-3.4-3">Furthermore, the recipient of the SD-JWT VC MUST obtain the public verification key
-for the Issuer-signed JWT as defined in <a href="#public-key-discovery-for-issuer-signed-jwts" class="auto internal xref">Section 3.5</a>.<a href="#section-3.4-3" class="pilcrow">¶</a></p>
+<p id="section-3.4-3">Furthermore, the recipient of the SD-JWT VC MUST validate the public verification key
+for the Issuer-signed JWT as defined in <a href="#issuer-signed-jwt-verification-key-validation" class="auto internal xref">Section 3.5</a>.<a href="#section-3.4-3" class="pilcrow">¶</a></p>
 <p id="section-3.4-4">If there are no selectively disclosable claims, there is no need to process the
 <code>_sd</code> claim nor any Disclosures.<a href="#section-3.4-4" class="pilcrow">¶</a></p>
 <p id="section-3.4-5">If <code>status</code> is present in the verified payload of the SD-JWT, the status SHOULD
@@ -1833,20 +1833,21 @@ <h3 id="name-verification-and-processing">
 specification.<a href="#section-3.4-7" class="pilcrow">¶</a></p>
 </section>
 </div>
-<div id="public-key-discovery-for-issuer-signed-jwts">
+<div id="issuer-signed-jwt-verification-key-validation">
 <section id="section-3.5">
-        <h3 id="name-obtaining-public-key-for-is">
-<a href="#section-3.5" class="section-number selfRef">3.5. </a><a href="#name-obtaining-public-key-for-is" class="section-name selfRef">Obtaining Public Key for Issuer-signed JWTs</a>
+        <h3 id="name-issuer-signed-jwt-verificat">
+<a href="#section-3.5" class="section-number selfRef">3.5. </a><a href="#name-issuer-signed-jwt-verificat" class="section-name selfRef">Issuer-signed JWT Verification Key Validation</a>
         </h3>
-<p id="section-3.5-1">A recipient of an SD-JWT VC MUST apply the following rules to obtain the public
-verification key for the Issuer-signed JWT:<a href="#section-3.5-1" class="pilcrow">¶</a></p>
+<p id="section-3.5-1">A recipient of an SD-JWT VC MUST apply the following rules to validate the public
+verification key for the Issuer-signed JWT corresponds to the <code>iss</code> value:<a href="#section-3.5-1" class="pilcrow">¶</a></p>
 <ul class="compact">
 <li class="compact" id="section-3.5-2.1">JWT Issuer Metadata: If the <code>iss</code> value contains an HTTPS URI, the recipient MUST
 obtain the public key using JWT Issuer Metadata as defined in <a href="#jwt-issuer-metadata" class="auto internal xref">Section 4</a>.<a href="#section-3.5-2.1" class="pilcrow">¶</a>
 </li>
           <li class="compact" id="section-3.5-2.2">
             <p id="section-3.5-2.2.1">X.509 Certificates: The recipient MUST obtain the public key from the leaf X.509 certificate
-corresponding to the <code>x5c</code>, <code>x5c</code>, <code>x5t</code>, or <code>x5t#S256</code> JWT header parameters of the Issuer-signed JWT if one of them is present. In this case, the recipient MUST validate the X.509 certificate chain and the recipient MUST validate the <code>iss</code> value as follows:<a href="#section-3.5-2.2.1" class="pilcrow">¶</a></p>
+corresponding to the <code>x5c</code> JWT header parameter of the Issuer-signed JWT if the <code>x5c</code> JWT Header is present.
+In this case, the recipient MUST validate the X.509 certificate chain. Then, and the recipient MUST validate the <code>iss</code> value as follows:<a href="#section-3.5-2.2.1" class="pilcrow">¶</a></p>
 <ul class="compact">
 <li class="compact" id="section-3.5-2.2.2.1">If the <code>iss</code> value contains a DNS name encoded as a URI using the DNS URI scheme <span>[<a href="#RFC4501" class="cite xref">RFC4501</a>]</span>, the DNS name MUST match a <code>dNSName</code> Subject Alternative Name (SAN) <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> entry of the leaf certificate.<a href="#section-3.5-2.2.2.1" class="pilcrow">¶</a>
 </li>
@@ -2040,15 +2041,15 @@ <h3 id="name-examples">
 LmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJj
 bmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4IjogIlRD
 QUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMiLCAieSI6ICJa
-eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.O-bv6
-ACyfcQLx74nv0RpY38pL2usd5CnHzbDExKhq7EpLkd4QCWss1X5U787OLCP_uAQVCPaX
-WfR6MAyInAZdw~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7In
+eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.fmdSJ
+yXaPtiYUa3ChMDTK5kFYNZzvo8Vd5i4bHeKGT0Uu0PIQkVumUeGO0diW0AGcg2i3TnnF
+le86cz07MioRw~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7In
 N0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd2
 4iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0~eyJhbGciOi
 AiRVMyNTYiLCAidHlwIjogImtiK2p3dCJ9.eyJub25jZSI6ICIxMjM0NTY3ODkwIiwgI
-mF1ZCI6ICJodHRwczovL2V4YW1wbGUuY29tL3ZlcmlmaWVyIiwgImlhdCI6IDE2OTk0O
-DQwNzV9.X9-tQqL1EYyy4Etf7Z0SqEjW2_2hgK7Q-n1FY9XuCPLTapdx2-kt8o_f_Ig8
-IEEcRnCODGxGfAr1z6HMAAieOw
+mF1ZCI6ICJodHRwczovL2V4YW1wbGUuY29tL3ZlcmlmaWVyIiwgImlhdCI6IDE3MDEwN
+TgwNDl9.XgzxcSZqqWgHovNtX85X7Id0pLEP9e_4KLV-4PY08B5pj89XViEtUI_6GXDG
+Uor8gR1RugizPpPgz8afs47iHQ
 
 </pre><a href="#section-5.2-2" class="pilcrow">¶</a>
 </div>
@@ -2069,8 +2070,8 @@ <h3 id="name-examples">
 5UXdMVUs0Il0sICJpc3MiOiAiaHR0cHM6Ly9leGFtcGxlLmNvbS9pc3N1ZXIiLCAiaWF
 0IjogMTY4MzAwMDAwMCwgImV4cCI6IDE4ODMwMDAwMDAsICJ2Y3QiOiAiaHR0cHM6Ly9
 jcmVkZW50aWFscy5leGFtcGxlLmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9
-hbGciOiAic2hhLTI1NiJ9.QPqT0xZSSp0dQexhFtxHl9DONMzafL3Yn4qjrTFeyntJO6
-1xig-UxlYeGQAl8ESFbjQYCV-mTW_RzkTBjAfDiw~WyJRZ19PNjR6cUF4ZTQxMmExMDh
+hbGciOiAic2hhLTI1NiJ9.R_20n_QHYGOCgdfntML5w19FFnKJ7bfrPhcDUDU3aSNe48
+z8CTBRs9IA31mV4HZ8nzvWTy-YqhnLfTXu2H5pNQ~WyJRZ19PNjR6cUF4ZTQxMmExMDh
 pcm9BIiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0Iiw
 gImxvY2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW5
 0cnkiOiAiVVMifV0~
@@ -2118,7 +2119,7 @@ <h3 id="name-ecosystem-specific-public-k">
 <a href="#section-6.2" class="section-number selfRef">6.2. </a><a href="#name-ecosystem-specific-public-k" class="section-name selfRef">Ecosystem-specific Public Key Verification Methods</a>
         </h3>
 <p id="section-6.2-1">When defining ecosystem-specific rules for the verification of the public key,
-as outlined in <a href="#public-key-discovery-for-issuer-signed-jwts" class="auto internal xref">Section 3.5</a>, it is critical
+as outlined in <a href="#issuer-signed-jwt-verification-key-validation" class="auto internal xref">Section 3.5</a>, it is critical
 that those rules maintain the integrity of the relationship between the <code>iss</code> value
 within the Issuer-signed JWT and the public keys of the Issuer.<a href="#section-6.2-1" class="pilcrow">¶</a></p>
 <p id="section-6.2-2">It MUST be ensured that for any given <code>iss</code> value, an attacker cannot influence

diff --git a/awoie/fix-182/draft-ietf-oauth-sd-jwt-vc.txt b/awoie/fix-182/draft-ietf-oauth-sd-jwt-vc.txt
@@ -5,8 +5,8 @@
 Web Authorization Protocol                                      O. Terbu
 Internet-Draft                                      Spruce Systems, Inc.
 Intended status: Standards Track                                 D. Fett
-Expires: 11 May 2024                                       Authlete Inc.
-                                                         8 November 2023
+Expires: 30 May 2024                                       Authlete Inc.
+                                                        27 November 2023
 
 
             SD-JWT-based Verifiable Credentials (SD-JWT VC)
@@ -34,7 +34,7 @@ Status of This Memo
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on 11 May 2024.
+   This Internet-Draft will expire on 30 May 2024.
 
 Copyright Notice
 
@@ -65,7 +65,7 @@ Table of Contents
        3.2.2.  JWT Claims Set
      3.3.  Example
      3.4.  Verification and Processing
-     3.5.  Obtaining Public Key for Issuer-signed JWTs
+     3.5.  Issuer-signed JWT Verification Key Validation
    4.  JWT Issuer Metadata
      4.1.  JWT Issuer Metadata Request
      4.2.  JWT Issuer Metadata Response
@@ -499,9 +499,9 @@ Table of Contents
    LmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJj
    bmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4IjogIlRD
    QUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMiLCAieSI6ICJa
-   eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.O-bv6
-   ACyfcQLx74nv0RpY38pL2usd5CnHzbDExKhq7EpLkd4QCWss1X5U787OLCP_uAQVCPaX
-   WfR6MAyInAZdw~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLC
+   eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.fmdSJ
+   yXaPtiYUa3ChMDTK5kFYNZzvo8Vd5i4bHeKGT0Uu0PIQkVumUeGO0diW0AGcg2i3TnnF
+   le86cz07MioRw~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLC
    AiSm9obiJd~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgI
    kRvZSJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VA
    ZXhhbXBsZS5jb20iXQ~WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgInBob25lX251b
@@ -525,7 +525,7 @@ Table of Contents
    [I-D.ietf-oauth-selective-disclosure-jwt].  To verify the Key Binding
    JWT, the cnf claim of the SD-JWT MUST be used.
 
-   Furthermore, the recipient of the SD-JWT VC MUST obtain the public
+   Furthermore, the recipient of the SD-JWT VC MUST validate the public
    verification key for the Issuer-signed JWT as defined in Section 3.5.
 
    If there are no selectively disclosable claims, there is no need to
@@ -541,19 +541,20 @@ Table of Contents
    Additional validation rules MAY apply, but their use is out of the
    scope of this specification.
 
-3.5.  Obtaining Public Key for Issuer-signed JWTs
+3.5.  Issuer-signed JWT Verification Key Validation
 
-   A recipient of an SD-JWT VC MUST apply the following rules to obtain
-   the public verification key for the Issuer-signed JWT:
+   A recipient of an SD-JWT VC MUST apply the following rules to
+   validate the public verification key for the Issuer-signed JWT
+   corresponds to the iss value:
 
    *  JWT Issuer Metadata: If the iss value contains an HTTPS URI, the
       recipient MUST obtain the public key using JWT Issuer Metadata as
       defined in Section 4.
    *  X.509 Certificates: The recipient MUST obtain the public key from
-      the leaf X.509 certificate corresponding to the x5c, x5c, x5t, or
-      x5t#S256 JWT header parameters of the Issuer-signed JWT if one of
-      them is present.  In this case, the recipient MUST validate the
-      X.509 certificate chain and the recipient MUST validate the iss
+      the leaf X.509 certificate corresponding to the x5c JWT header
+      parameter of the Issuer-signed JWT if the x5c JWT Header is
+      present.  In this case, the recipient MUST validate the X.509
+      certificate chain.  Then, and the recipient MUST validate the iss
       value as follows:
       -  If the iss value contains a DNS name encoded as a URI using the
          DNS URI scheme [RFC4501], the DNS name MUST match a dNSName
@@ -717,15 +718,15 @@ Table of Contents
    LmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJj
    bmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4IjogIlRD
    QUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMiLCAieSI6ICJa
-   eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.O-bv6
-   ACyfcQLx74nv0RpY38pL2usd5CnHzbDExKhq7EpLkd4QCWss1X5U787OLCP_uAQVCPaX
-   WfR6MAyInAZdw~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7In
+   eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.fmdSJ
+   yXaPtiYUa3ChMDTK5kFYNZzvo8Vd5i4bHeKGT0Uu0PIQkVumUeGO0diW0AGcg2i3TnnF
+   le86cz07MioRw~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7In
    N0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd2
    4iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0~eyJhbGciOi
    AiRVMyNTYiLCAidHlwIjogImtiK2p3dCJ9.eyJub25jZSI6ICIxMjM0NTY3ODkwIiwgI
-   mF1ZCI6ICJodHRwczovL2V4YW1wbGUuY29tL3ZlcmlmaWVyIiwgImlhdCI6IDE2OTk0O
-   DQwNzV9.X9-tQqL1EYyy4Etf7Z0SqEjW2_2hgK7Q-n1FY9XuCPLTapdx2-kt8o_f_Ig8
-   IEEcRnCODGxGfAr1z6HMAAieOw
+   mF1ZCI6ICJodHRwczovL2V4YW1wbGUuY29tL3ZlcmlmaWVyIiwgImlhdCI6IDE3MDEwN
+   TgwNDl9.XgzxcSZqqWgHovNtX85X7Id0pLEP9e_4KLV-4PY08B5pj89XViEtUI_6GXDG
+   Uor8gR1RugizPpPgz8afs47iHQ
 
    In this presentation, the Holder provides only the Disclosure for the
    claim address.  Other claims are not disclosed to the Verifier.
@@ -745,8 +746,8 @@ Table of Contents
    5UXdMVUs0Il0sICJpc3MiOiAiaHR0cHM6Ly9leGFtcGxlLmNvbS9pc3N1ZXIiLCAiaWF
    0IjogMTY4MzAwMDAwMCwgImV4cCI6IDE4ODMwMDAwMDAsICJ2Y3QiOiAiaHR0cHM6Ly9
    jcmVkZW50aWFscy5leGFtcGxlLmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9
-   hbGciOiAic2hhLTI1NiJ9.QPqT0xZSSp0dQexhFtxHl9DONMzafL3Yn4qjrTFeyntJO6
-   1xig-UxlYeGQAl8ESFbjQYCV-mTW_RzkTBjAfDiw~WyJRZ19PNjR6cUF4ZTQxMmExMDh
+   hbGciOiAic2hhLTI1NiJ9.R_20n_QHYGOCgdfntML5w19FFnKJ7bfrPhcDUDU3aSNe48
+   z8CTBRs9IA31mV4HZ8nzvWTy-YqhnLfTXu2H5pNQ~WyJRZ19PNjR6cUF4ZTQxMmExMDh
    pcm9BIiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0Iiw
    gImxvY2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW5
    0cnkiOiAiVVMifV0~