[
https://issues.apache.org/jira/browse/CXF-7760?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Juan reopened CXF-7760:
-----------------------
Hi, got feedback back from Cognito. It seems the problem is actually in the CXF
JSON parsing. Using a vanilla Jackson ObjectMapper instance it is properly
parsed:
String part1 =
"eyJraWQiOiI0cFpiZTRzaFFRR3paWEhiZUlsYkR2bUhPYzFcL0g2akg2b0JrM25VcmNaRT0iLCJhbGciOiJSUzI1NiJ9";
byte[] bytes = java.util.Base64.getDecoder().decode(part1);
ObjectMapper mapper = new ObjectMapper();
Map<String, Object> map = mapper.readValue(bytes, new TypeReference<Map<String,
String>>(){});
System.out.println(map);
yields
{kid=4pZbe4shQQGzZXHbeIlbDvmHOc1/H6jH6oBk3nUrcZE=, alg=RS256}
> JOSE: JwsCompactConsumer parsing headers issue
> ----------------------------------------------
>
> Key: CXF-7760
> URL: https://issues.apache.org/jira/browse/CXF-7760
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.1.13
> Reporter: Juan
> Priority: Major
>
> When using the JwsCompactConsumer with a compact JWT whose kid contains a
> slash, the json parser escapes it, which causes issues later on while
> matching the kid to the one specified in the JWKS. For example:
> Header:
> {
> "kid": "4pZbe4shQQGzZXHbeIlbDvmHOc1/H6jH6oBk3nUrcZE=",
> "alg": "RS256"
> }
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
