Decryption Error After an elapsed time
Hi, I’m using an encrypted and signed JWT to authenticate in a REST API. I’ve built a login POST resource for token acquisition and a request filter for token validation. I can generate the token and then correctly decrypt and validate it in the request filter, but after a Tomcat server restart, when I try to decrypt the token inside the filter, I get the following exception:
com.nimbusds.jose.JOSEException: Decryption error
Caused by: javax.crypto.BadPaddingException: Decryption error
I was following this example for token generation. I’ve attached the class where I’m generating and validating the token to this message. The exception is being triggered in the method called isValidToken, at line 97.
I really appreciate any help you can provide, because I couldn’t identify the cause of this issue and I’d like to rule out a possible bug in the library.
Comments (5)
The code appears to rely on a key that gets generated statically, at each Tomcat startup.
After a restart a new key will get generated and the previous one will be lost, so trying to decrypt a token meant for the old key will fail.
My suggestion is to generate a key offline and store it in some config file or pass it via a Java system property (as a BASE64-encoded JWK, for example).
reporter @Vladimir Dzhuvinov Thanks for your answer and the suggestion. Would it be possible for you to point me to an example of using the library to consume externally stored keys? I’ll do some research anyway, but having a specific example could be time-saving.
- changed status to invalid
To write out the JWK in its JSON format:
https://www.javadoc.io/doc/com.nimbusds/nimbus-jose-jwt/latest/com/nimbusds/jose/jwk/RSAKey.html
Some examples for reading a JWK:
https://connect2id.com/products/nimbus-jose-jwt/examples/jwk-retrieval
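The following is an added example, not code from the issue, the reporter, or the nimbus-jose-jwt project. It puts the two comments above together: the root cause (a key generated in-process at each startup, so a token encrypted before a restart cannot be decrypted after it) and the suggested fix (generate the RSA JWK once offline, write it out with toJSONString(), and load it on every startup from a BASE64-encoded system property). The property name app.jwk, the key ID api-key-1, the algorithms RSA-OAEP-256 / A256GCM for encryption and RS256 for signing, and the one-hour lifetime are all assumptions chosen for the example; the original class referenced in the issue is not available here. The main method contrasts a reload of the same key (decryption succeeds) with a freshly generated key (decryption fails, which is the reported symptom).

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

public class PersistentJwkDemo {

    // Assumed property name for this example; choose your own in a real deployment.
    static final String KEY_PROP = "app.jwk";

    /** Offline step, run once: generate a private RSA JWK and print it BASE64-encoded. */
    static String generateKeyOffline() throws JOSEException {
        RSAKey jwk = new RSAKeyGenerator(2048).keyID("api-key-1").generate();
        // toJSONString() on a private RSAKey includes the private parameters (d, p, q, ...).
        return Base64.getEncoder().encodeToString(
            jwk.toJSONString().getBytes(StandardCharsets.UTF_8));
    }

    /** Startup step, run on every (re)start: load the same key from the system property. */
    static RSAKey loadKey() throws Exception {
        String b64 = System.getProperty(KEY_PROP);
        if (b64 == null) throw new IllegalStateException("-D" + KEY_PROP + " is not set");
        String json = new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
        RSAKey key = RSAKey.parse(json);
        if (!key.isPrivate()) throw new IllegalStateException("JWK has no private part");
        return key;
    }

    /** Sign the claims (JWS), then encrypt the JWS as the JWE payload (nested JWT). */
    static String issueToken(RSAKey key, String subject) throws JOSEException {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .subject(subject)
            .expirationTime(new Date(System.currentTimeMillis() + 3600_000L))
            .build();
        SignedJWT jws = new SignedJWT(
            new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(key.getKeyID()).build(), claims);
        jws.sign(new RSASSASigner(key));
        JWEObject jwe = new JWEObject(
            new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM)
                .contentType("JWT").build(),
            new Payload(jws));
        jwe.encrypt(new RSAEncrypter(key.toPublicJWK()));
        return jwe.serialize();
    }

    /** Decrypt with the private key, verify the inner signature, and check expiry. */
    static boolean isValidToken(RSAKey key, String token) {
        try {
            JWEObject jwe = JWEObject.parse(token);
            jwe.decrypt(new RSADecrypter(key));          // fails with BadPaddingException on the wrong key
            SignedJWT jws = jwe.getPayload().toSignedJWT();
            if (jws == null || !jws.verify(new RSASSAVerifier(key.toPublicJWK()))) return false;
            Date exp = jws.getJWTClaimsSet().getExpirationTime();
            return exp != null && exp.after(new Date());
        } catch (Exception e) {
            System.err.println("token rejected: " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (System.getProperty(KEY_PROP) == null) {
            // First run: print a key to put into the deployment configuration.
            System.out.println("Generated key, start with -D" + KEY_PROP + "=" + generateKeyOffline());
            return;
        }
        RSAKey key = loadKey();
        String token = issueToken(key, "alice");

        // "Restart": reloading from the same property yields the same key, so the token still decrypts.
        System.out.println("after restart, same key:  " + isValidToken(loadKey(), token));

        // The reported bug: a key generated in-process differs per start, so decryption fails.
        RSAKey freshKey = new RSAKeyGenerator(2048).generate();
        System.out.println("after restart, fresh key: " + isValidToken(freshKey, token));
    }
}
```

Two practical caveats. The BASE64 string carries the private key, so it should live in a secrets store or a file readable only by the Tomcat service account, not in a shell history or a world-readable startup script; a file path plus RSAKey.parse on its contents works the same way as the system property shown here. And because any process holding this JWK can mint tokens, rotating it means issuing a new kid and keeping the old key available for decryption until the last token issued under it has expired, rather than simply replacing it.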
This is the full stack trace of the exception: