GSON changed serialization behavior
The switch from JSON Smart to GSON in this commit was a breaking change in the serialization of claim values that contain certain characters.
By default GSON escapes some HTML and XML control characters, some of which are not uncommon in claim values. For example, = is used in Base64 encoded claim values. This is very surprising for consumers of this library who almost certainly wouldn’t expect these characters to be escaped. For example, the serialized JWT changed from:
{"foo":"xHPBC7VaQxq6AAvrBQN4YQ=="}
to
{"foo":"xHPBC7VaQxq6AAvrBQN4YQ\u003d\u003d"}
The correct fix is probably to configure GSON with disableHtmlEscaping.
I’ve put up a fix for this in the commit linked below.
https://bitbucket.org/pkoenig10/nimbus-jose-jwt/commits/e301a9a1b2b21db316becfb96104c0eeebc237f1
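The behaviour reported above can be reproduced with Gson alone. This is an added example, not part of the original report and not the library's own code: it serializes a claims map with a default `Gson` and with one built using `disableHtmlEscaping()`, then checks that both outputs parse back to the same claims. The class name and the `redirect` claim are constructed for illustration; Gson is assumed to be on the classpath.

```java
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.reflect.TypeToken;
import java.lang.reflect.Type;
import java.util.LinkedHashMap;
import java.util.Map;

public class GsonEscapingDemo {  // hypothetical class name
    private static final Type MAP_TYPE =
            new TypeToken<Map<String, Object>>() {}.getType();

    public static void main(String[] args) {
        // "foo" is the value from the report; "redirect" is a constructed
        // sample that contains the other characters Gson HTML-escapes.
        Map<String, Object> claims = new LinkedHashMap<>();
        claims.put("foo", "xHPBC7VaQxq6AAvrBQN4YQ==");
        claims.put("redirect", "https://example.com/cb?a=1&b=<2>");

        Gson htmlSafe = new Gson();  // HTML escaping is on by default
        Gson plain = new GsonBuilder().disableHtmlEscaping().create();

        String escaped = htmlSafe.toJson(claims);
        String unescaped = plain.toJson(claims);
        System.out.println("default:             " + escaped);
        System.out.println("disableHtmlEscaping: " + unescaped);

        // Both forms are valid JSON for the same claims, so a JSON parser
        // recovers identical values. Only consumers that compare, hash or
        // pattern-match the serialized text see a difference.
        Map<String, Object> fromEscaped = plain.fromJson(escaped, MAP_TYPE);
        Map<String, Object> fromUnescaped = plain.fromJson(unescaped, MAP_TYPE);
        if (!fromEscaped.equals(claims) || !fromUnescaped.equals(claims)) {
            throw new AssertionError("round trip changed the claim values");
        }
        if (escaped.equals(unescaped)) {
            throw new AssertionError("expected the serialized text to differ");
        }

        // Regression check: with escaping disabled, none of the escape
        // sequences for = & < > ' may appear in the output.
        String[] htmlEscapes = {"\\u003d", "\\u0026", "\\u003c", "\\u003e", "\\u0027"};
        for (String seq : htmlEscapes) {
            if (unescaped.contains(seq)) {
                throw new AssertionError("unexpected escape " + seq);
            }
        }
    }
}
```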
Comments (3)
-
reporter -
- changed status to open
Thanks for the report and the proposed fix, very much appreciated!
-
- changed status to resolved