Incorrectly rejects whitespace after JSON header as invalid · Issue #144 · auth0/java-jwt · GitHub
Skip to content

Incorrectly rejects whitespace after JSON header as invalid #144

Description

@timmc

If I create a JWT with whitespace after the header JSON's closing brace, the library rejects the token with a decode exception.

Example token: eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9Cg.e30K.MEYCIQD9xmk9EtRLX7EwfgaWUc8ioyFcwvfQ1lIy9dANOuLBCwIhALyQ42E8W3et8FGBWfUxtEgfucLA0V47gJlenA5Us_IL

Exception:

#<JWTDecodeException com.auth0.jwt.exceptions.JWTDecodeException: The string '{"typ":"JWT","alg":"ES256"}
' doesn't have a valid JSON format.>

RFC 7519 says the JSON under the base64 is allowed to have whitespace between and around JSON elements. In this case, there's a trailing 0x0A.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions