1. connect2id Avatar connect2id
  2. Crypto
  3. Nimbus-JOSE-JWT
  4. Issues

DefaultJWTClaimsVerifier not compatible with `Set.of("myaudience")`

Issue #499 new
Nicholas Albion created an issue

If Set.of("myaudience") is passed as acceptedAudience

public DefaultJWTClaimsVerifier(final Set<String> acceptedAudience,
                    final JWTClaimsSet exactMatchClaims,
                    final Set<String> requiredClaims,
                    final Set<String> prohibitedClaims) {
...
    if (acceptedAudienceValues != null && ! acceptedAudienceValues.contains(null)) {

ImmutableCollections throws an exception at

public boolean contains(Object o) {
    return o.equals(e0) || e1.equals(o); // implicit nullcheck of o
}

because o is the null passed from .contains(null)

It would be better to use something like acceptedAudienceValues.stream().matchesAny(Objects::nonNull)

Comments (1)

  1. Vladimir Dzhuvinov

    This is a known issue, it started appearing when people started using Set.of.

    Do you have a proposal how to work around this with Java 7 code? This is the current lang level of the library.

  2. Log in to comment
Assignee
Type
bug
Priority
minor
Status
new
Component
JWT
Milestone
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!