DefaultJWTClaimsVerifier's exception message has a non-deterministic order
Issue #444
resolved
If not all the required claims are present, the order in which the missing claims are presented in the BadJWTException message is non-deterministic due to the use of the HashSet. This isn't particularly problematic by itself, but the DefaultJWTClaimsVerifierTest.testRequiresMultiple relies on a particular ordering of the missing claims and will fail depending on the behavior of your HashSet.
Suggest: Sort the missing claims before presenting, so there's always the exact same exception message independent of the hash implementation, e.g., using a SortedSet instead of a HashSet.
Alternative: Refactor the test to avoid relying on the specific ordering of the output.
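Both suggestions from the issue, sketched as an added example that is not the library's code or the committed fix. The class name, the helper names and the message wording are assumptions, and the sample claim sets are constructed.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class MissingClaimsMessageDemo {

    // Hypothetical helper, not the library's code: reports required claims that are absent.
    static String missingClaimsMessage(Set<String> required, Set<String> present) {
        // TreeSet iterates in natural (lexicographic) order, so the text no longer
        // depends on the iteration order of the sets passed in.
        Set<String> missing = new TreeSet<>(required);
        missing.removeAll(present);
        return missing.isEmpty() ? null : "JWT missing required claims: " + missing; // assumed wording
    }

    // Alternative from the issue: a check that does not depend on ordering at all.
    static Set<String> parseMissing(String message) {
        String list = message.substring(message.indexOf('[') + 1, message.lastIndexOf(']'));
        return new TreeSet<>(Arrays.asList(list.split(",\\s*")));
    }

    public static void main(String[] args) {
        // Constructed sample data: the same required claims supplied in two different orders.
        // LinkedHashSet keeps insertion order, standing in for two HashSet implementations
        // that happen to iterate differently.
        Set<String> orderA = new LinkedHashSet<>(List.of("iss", "sub", "aud", "exp"));
        Set<String> orderB = new LinkedHashSet<>(List.of("exp", "aud", "sub", "iss"));
        Set<String> present = Set.of("exp");

        // Unsorted rendering differs between the two orders.
        Set<String> rawA = new LinkedHashSet<>(orderA); rawA.removeAll(present);
        Set<String> rawB = new LinkedHashSet<>(orderB); rawB.removeAll(present);
        System.out.println("unsorted A: " + rawA);
        System.out.println("unsorted B: " + rawB);

        // Sorted rendering is identical for both, and the set comparison ignores order.
        String msgA = missingClaimsMessage(orderA, present);
        String msgB = missingClaimsMessage(orderB, present);
        System.out.println(msgA);
        if (!msgA.equals(msgB)) throw new AssertionError("message depends on input order");
        if (!parseMissing(msgA).equals(Set.of("aud", "iss", "sub"))) throw new AssertionError("wrong claims");
    }
}
```

A stable message also helps anything downstream that groups or alerts on token-rejection log lines by their exact text.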
Comments (3)
-
reporter -
- changed status to open
Thanks Nathan, I'll check both suggestions.
-
- changed status to resolved
Fixed in d47596d9.