Issue #214: Provide a clearer error response when the "cty" header is provided with an invalid JWT
Status: resolved
The error from jose4j is not very helpful when a JWT with "cty":"JWT"
is in the header and the JWT is not using nested signing.
Example JWT:
eyJhbGciOiJIUzI1NiIsImN0eSI6IkpXVCJ9.eyJzdWIiOiIxMjM0IiwiaXNzIjoiYWJjZCIsImF1ZCI6Imh0dHBzOi8vZXhhbXBsZS5jb20vYXMiLCJpYXQiOjE3MDI0OTc5MTgsImV4cCI6MTcwMjQ5ODIxOH0.zq1HwolPl4WgnkggSe9_BaF8rM9LkkMPkhT50CXOsTw
The error occurs at this line in JwtConsumer:
joseObject = JsonWebStructure.fromCompactSerialization(workingJwt);
Error:
Caused by: org.jose4j.jwt.consumer.InvalidJwtException: JWT processing failed. Additional details: [[17] Unable to process nested JOSE object (cause: org.jose4j.lang.JoseException: Parsing error: org.jose4j.json.internal.json_simple.parser.ParseException: Unexpected character (�) at position 0.): {"sub":"1234","iss":"abcd","aud":"https://example.com/as","iat":1702497918,"exp":1702498218}
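The failure described above comes from a consumer that sees "cty":"JWT", assumes the payload is a nested compact JOSE object, and hands a plain JSON claims object to the compact-serialization parser, which then reports a meaningless "Unexpected character at position 0". The following Python script is an added illustration of the header/payload consistency check the issue asks for, written here as an example and not taken from jose4j; it uses the JWT quoted in the report as its input (the signature is never verified, only the structure is inspected) and shows how a consumer can name the actual mismatch before attempting nested processing. The function and helper names are this example's own.

```python
import base64
import json
import re
from typing import Optional

# The JWT quoted in the issue report, used here as constructed example input:
# the header carries "cty":"JWT" but the payload is an ordinary claims object.
EXAMPLE_JWT = (
    "eyJhbGciOiJIUzI1NiIsImN0eSI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0IiwiaXNzIjoiYWJjZCIsImF1ZCI6Imh0dHBzOi8vZXhhbXBsZS5jb20vYXMi"
    "LCJpYXQiOjE3MDI0OTc5MTgsImV4cCI6MTcwMjQ5ODIxOH0."
    "zq1HwolPl4WgnkggSe9_BaF8rM9LkkMPkhT50CXOsTw"
)

# Characters allowed in one segment of a compact JOSE serialization.
_B64URL_SEGMENT = re.compile(r"^[A-Za-z0-9_-]*$")


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url as used in compact JWS/JWE serializations."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def classify_payload(payload: bytes) -> str:
    """Return 'compact-jose', 'json-object' or 'unknown' for a JWS payload."""
    try:
        text = payload.decode("utf-8")
    except UnicodeDecodeError:
        return "unknown"
    parts = text.split(".")
    # A nested JWT is itself a compact JWS (3 segments) or JWE (5 segments).
    if len(parts) in (3, 5) and all(_B64URL_SEGMENT.match(p) for p in parts):
        return "compact-jose"
    try:
        if isinstance(json.loads(text), dict):
            return "json-object"
    except json.JSONDecodeError:
        pass
    return "unknown"


def check_cty(token: str) -> Optional[str]:
    """Compare the 'cty' header with what the payload actually contains.

    Returns None when header and payload agree (the caller can then unwrap
    and verify the nested JWT as usual); otherwise returns a message that
    names the specific mismatch instead of a generic parse failure.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return f"expected a compact JWS with 3 segments, found {len(parts)}"
    try:
        header = json.loads(b64url_decode(parts[0]))
    except (ValueError, UnicodeDecodeError):
        return "protected header is not valid base64url-encoded JSON"
    if not isinstance(header, dict):
        return "protected header is not a JSON object"
    cty = header.get("cty")
    if not (isinstance(cty, str) and cty.upper() == "JWT"):
        return None  # no nesting claimed; nothing to cross-check here
    kind = classify_payload(b64url_decode(parts[1]))
    if kind == "compact-jose":
        return None
    if kind == "json-object":
        return ('header declares "cty":"JWT" (nested JWT) but the payload is a plain '
                'JSON claims object; either drop "cty" or nest a JWT as the payload')
    return 'header declares "cty":"JWT" but the payload is neither a compact JOSE object nor JSON'


if __name__ == "__main__":
    print(check_cty(EXAMPLE_JWT))
```

Run as a script, the check reports the claims-object mismatch for the token from the report; the same token with "cty" removed from its header passes the check, as does a token whose payload really is a compact JWS, which is exactly the distinction the generic parsing error fails to make.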
Comments (2)

repo owner: changed status to resolved
repo owner: Attempt to provide somewhat better error messages for invalid JWTs (especially with cty incorrectly set) to fix Issue #214 <<cset 3e97f620ad1c>>