Ashish Maheshwari, Software Engineer, Verizon Media In this post, we will outline a change in the way we expose the JSON Web Key (JWK) for our public Elliptic-curve (EC) key at this endpoint: https://api.login.yahoo.com/openid/v1/certs, as well as, immediate steps users should take. Impacted users are any clients who parse our JWK to extract the EC public key to perform actions such as verify a signed token. The X and Y coordinates of our EC public key were padded with a sign bit which caused...
