1. connect2id Avatar connect2id
  2. Crypto
  3. Nimbus-JOSE-JWT
  4. Issues

Upgrade to nimbus-jose-jwt 9.12.1 to 9.13 silently hangs our integration tests

Issue #442 invalid
Former user created an issue

we have been using this library for quite some time, and consistently been updating it, thanks! When we move from 9.12.1 to 9.13, our tests just hang now, for annoyingly silent reasons. I have two versions of our code base, one with 9.12.1 and one with 9.13, and that is the only difference. Obviously i haven't given you enough information for you to likely help. But i'm stumped. Do both sides of the client and server need to be running the same exact nimbus version, here? Or any ideas what to look for?

Comments (3)

  1. Yavor Vasilev

    From the change log:

    version 9.12.1 (2021-08-14)
    * Removes double quote (") characters from ParseException, JOSEException,
      BadJOSEException and other exception messages to make the strings
      compliant when used in OAuth 2.0 error_description strings. See RFC 6749,
      section 5.2.

version 9.13 (2021-08-22)
    * Adds support for ECDH public key authenticated encryption with JWE
      algorithm identifiers ECDH-1PU, ECDH-1PU+A128KW, ECDH-1PU+A128KW and
      ECDH-1PU+A256KW. See Public Key Authenticated Encryption for JOSE:
      ECDH-1PU (draft-madden-jose-ecdh-1pu-04).
    * Adds support for extended nonce ChaCha20-Poly1305 content encryption with
      JWE encryption method identifier XC20P. See Chacha derived AEAD
      algorithms in JSON Object Signing and Encryption (JOSE)
      (draft-amringer-jose-chacha-02).

    If you have two components using JWTs they should interop based on the JWT, not the libraries or their versions.

  2. Dave Brosius

    OK, i’ve resolved the issue by luck. Here is what was going on.

    I have a set of integration tests that use a library for making rest calls to the application under test. The integration tests supply nimbus-jose-jwt 9.13 for the execution of the tests. However the library was compiled against nimbus-jose-jwt 9.12.1. With this scenario something was hanging consistently. when i updated the library to compile against 9.13 the problem was resolved. So my problems are fixed. Sorry i’m unable give you more clarity on what the issue actually was.

  3. Yavor Vasilev

    This might be a class loading issue that occurs in the test env when the deps don't match. I'm marking the issue as invalid. If you encounter other issues feel free to create a new ticket.

  4. Log in to comment
Assignee
Type
bug
Priority
trivial
Status
invalid
Component
JWT
Milestone
4.0
Votes
0
Watchers
None
Jira: the preferred issue tracker for Bitbucket. Join the team!