ClaimsRequest.parse(JSONObject) modifies the source object
Issue #287
resolved
I was updating my oauth2-oidc-sdk dependency from early 6.x to 7.0, and noticed the following new behaviour. I tracked that this is the current functionality from v6.15 onwards, including 7.0.
See the following code snippet:
```java
JSONObject claims = (JSONObject) JSONValue.parse("{\"id_token\":{\"email\":{\"essential\":true}},\"userinfo\":{\"name\":{\"essential\":true}}}");
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
    .subject("joe")
    .claim("claims", claims)
    .build();
System.out.println("Before parsing : " + claimsSet);
ClaimsRequest cr = ClaimsRequest.parse(claims);
System.out.println("After parsing : " + claimsSet);
System.out.println("Claims request : " + cr);
```
It prints the following output:
```
Before parsing : {"sub":"joe","claims":{"id_token":{"email":{"essential":true}},"userinfo":{"name":{"essential":true}}}}
After parsing : {"sub":"joe","claims":{"id_token":{"email":{}},"userinfo":{"name":{}}}}
Claims request : {"id_token":{"email":{"essential":true}},"userinfo":{"name":{"essential":true}}}
```
So, for some reason ClaimsRequest.parse(JSONObject) modifies the JSONObject given to the method. I believe that’s not expected from a static method like this?
With v6.14 and older, the string after "After parsing" was exactly the same as "Before parsing".
Comments (3)
- changed status to open
- changed status to resolved
Hi Henri,
This is definitely a bug, thanks for the report.
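A caller-side guard for the behaviour reported in this issue, as an added example that is not part of the thread or the SDK's own code: it parses a detached deep copy so the `JSONObject` still referenced by the `JWTClaimsSet` keeps its `essential` flags, and includes a check that detects whether `ClaimsRequest.parse(JSONObject)` mutated its argument. The class name and the helpers `deepCopy`, `parseDetached` and `parseLeavesInputUntouched` are hypothetical names introduced here; `main` declares `throws Exception` so the code does not depend on which checked exceptions a given SDK version declares.

```java
import com.nimbusds.openid.connect.sdk.ClaimsRequest;
import net.minidev.json.JSONObject;
import net.minidev.json.JSONValue;

public class ClaimsRequestParseGuard {

    // Deep copy via a serialize/parse round trip, so no nested object is shared
    // between the copy and the original.
    static JSONObject deepCopy(JSONObject source) {
        return (JSONObject) JSONValue.parse(source.toJSONString());
    }

    // Hypothetical helper: hand the parser a detached copy so the caller's
    // object (and anything else holding a reference to it) is never touched.
    static ClaimsRequest parseDetached(JSONObject claims) throws Exception {
        return ClaimsRequest.parse(deepCopy(claims));
    }

    // Regression check: true if parsing left the argument structurally unchanged.
    // Compares against a snapshot with Map equality, which recurses into nested objects.
    static boolean parseLeavesInputUntouched(JSONObject claims) throws Exception {
        JSONObject snapshot = deepCopy(claims);
        ClaimsRequest.parse(claims);
        return snapshot.equals(claims);
    }

    public static void main(String[] args) throws Exception {
        // Same claims request JSON as in the issue report.
        String json = "{\"id_token\":{\"email\":{\"essential\":true}},"
                    + "\"userinfo\":{\"name\":{\"essential\":true}}}";
        JSONObject claims = (JSONObject) JSONValue.parse(json);
        JSONObject snapshot = deepCopy(claims);

        // Safe path: the original object is not passed to the parser.
        ClaimsRequest cr = parseDetached(claims);
        System.out.println("Input intact after parseDetached : " + snapshot.equals(claims));
        System.out.println("Claims request : " + cr);

        // Direct path: reports whether this SDK version mutates its argument.
        System.out.println("parse(JSONObject) leaves input untouched : "
                + parseLeavesInputUntouched(claims));
    }
}
```

The last check works as a unit test when upgrading the dependency: a `false` result means any object that shares the parsed `JSONObject`, such as the claims set in the report, can lose its `essential` markers after parsing.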