[[14] No Subject (sub) claim is present.] error even though not requested in JwtConsumerBuilder
Issue #150
invalid
Hi, I’m starting using Jose4j and following some examples at https://bitbucket.org/b_c/jose4j/wiki/JWT%20Examples#markdown-header-producing-and-consuming-a-nested-signed-and-encrypted-jwt. I’ve just read that, as per https://tools.ietf.org/html/rfc7519#section-4.1.2, “Use of this claim is OPTIONAL.”. Since I’m having errors in processing my JWT claims “[[14] No Subject (sub) claim is present.]“ even though I’ve not call the .setRequireSubject() of JwtConsumerBuilder, I had a look at the sources and found that at
it looks a SubValidator is always added to validators, either for a requested or an expected subject.
IMHO, blocking on a missing subject claim even though the .setRequireSubject() has not been called is unexpected.
WDYT?
Thank you.
Comments (3)
-
repo owner
-
repo owner
With the example in https://bitbucket.org/b_c/jose4j/wiki/JWT%20Examples#markdown-header-producing-and-consuming-a-nested-signed-and-encrypted-jwt,
If you remove the
claims.setSubject("subject")line, the validation will fail with “[[14] No Subject (sub) claim is present.]”If you also remove the
.setRequireSubject(), the validation will succeed.That’s working as it’s supposed to.
-
repo owner
- changed status to invalid
- Log in to comment
That’s not how it works (or not how it’s supposed to work). Could you provide something that demonstrates?