Version 2.25 introduced a breaking, backwards-incompatible change to JWSVerifier

Issue #88 resolved
Christopher Elkins created an issue

As a result of changes made for #86, JWSVerifier is no longer backwards-compatible with pre-2.25 uses. For example, attempting to use DefaultJWTDecoder from oauth2-oidc-sdk-3.0.1 results in the following error:

java.lang.NoSuchMethodError: com.nimbusds.jose.JWSVerifier.getJWSHeaderFilter()Lcom/nimbusds/jose/JWSHeaderFilter;
    at com.nimbusds.openid.connect.sdk.util.DefaultJWTDecoder.addJWSVerifier(DefaultJWTDecoder.java:77)

Comments (2)

  1. Vladimir Dzhuvinov

    Thanks for reporting this.

    Yes, 2.25 is indeed a breaking change. The JWS + JWE specs say that header params that are not understood must be ignored, so we decided to scrap the filter entirely. I will see that the OIDC SDK gets updated for that and will let you know here.

  2. Vladimir Dzhuvinov

    Hi Chris,

    Just released an update to the OIDC SDK (3.0.2) to make it compatible with 2.25. It should reach Maven Central in the next couple of hours.

    Cheers,

    Vladimir
