If I create a JWT with whitespace after the header JSON's closing brace, the library rejects the token with a decode exception.
Example token: eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9Cg.e30K.MEYCIQD9xmk9EtRLX7EwfgaWUc8ioyFcwvfQ1lIy9dANOuLBCwIhALyQ42E8W3et8FGBWfUxtEgfucLA0V47gJlenA5Us_IL
Exception:
#<JWTDecodeException com.auth0.jwt.exceptions.JWTDecodeException: The string '{"typ":"JWT","alg":"ES256"}
' doesn't have a valid JSON format.>
RFC 7519 says the JSON under the base64 is allowed to have whitespace between and around JSON elements. In this case, there's a trailing 0x0A.
If I create a JWT with whitespace after the header JSON's closing brace, the library rejects the token with a decode exception.
Example token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9Cg.e30K.MEYCIQD9xmk9EtRLX7EwfgaWUc8ioyFcwvfQ1lIy9dANOuLBCwIhALyQ42E8W3et8FGBWfUxtEgfucLA0V47gJlenA5Us_ILException:
RFC 7519 says the JSON under the base64 is allowed to have whitespace between and around JSON elements. In this case, there's a trailing 0x0A.