Night Gryphon created NIFI-13326:
------------------------------------
Summary: UI web token (JWT) decoding error
Key: NIFI-13326
URL: https://issues.apache.org/jira/browse/NIFI-13326
Project: Apache NiFi
Issue Type: Bug
Components: Core UI
Affects Versions: 2.0.0-M3, 2.0.0-M2
Environment: Linux Ubuntu 22.04
Reporter: Night Gryphon
With some combinations of JWT contents, the UI cannot decode the received JWT because
different base64 modifications are used by the server and the client.
On the server side, the JWT is generated using URL-safe base64 encoding, which
replaces the '+' and '/' characters with '-' and '_' respectively.
But on the UI side, the JWT is decoded with the jQuery standard base64 decode function as
regular non-URL-safe data, and the '-' and '_' characters are dropped by the incoming
filter, which corrupts the encoded data.
As an example, the UI script nf-login-all.js (and some others) declares the function
getJwtPayload, which calls the jQuery base64 decode without appropriate JWT data
preparation by replacing the '-' and '_' characters back with '+' and '/'. This causes
JWT data loss, and the JavaScript fails at decoding the JWT JSON data.
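The mismatch described in the report, as an added example that is not part of the original issue and is not NiFi's or jQuery's code: it contrasts a decoder that drops '-' and '_' with one that maps them back to '+' and '/' and restores padding first. The function names `lossyPayloadDecode` and `getJwtPayloadSafe`, the sample claims and the placeholder signature are assumptions made for this illustration.

```javascript
// Constructed sample claims: '~' and '?' fall on the last byte of a 3-byte
// group, so the base64url payload contains both '-' and '_'.
const SAMPLE_CLAIMS = { sub: "adm~in?" };

// Server side: URL-safe base64 without padding, as used for JWT segments.
function toBase64Url(text) {
  return Buffer.from(text, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// JWT-shaped token with a placeholder signature (constructed, never verified).
function makeSampleToken(claims) {
  const header = toBase64Url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  return `${header}.${toBase64Url(JSON.stringify(claims))}.constructed-signature`;
}

// Model of the reported failure: a standard-alphabet decoder whose input
// filter silently drops '-' and '_'. Node's Buffer accepts both alphabets,
// so the filter is applied explicitly here.
function lossyPayloadDecode(token) {
  const filtered = token.split(".")[1].replace(/[^A-Za-z0-9+/=]/g, "");
  return JSON.parse(Buffer.from(filtered, "base64").toString("utf8"));
}

// Corrected decoding: validate the segment, map the URL-safe characters back
// to the standard alphabet, restore '=' padding, then decode and parse.
function getJwtPayloadSafe(token) {
  const parts = token.split(".");
  if (parts.length !== 3 || !/^[A-Za-z0-9_-]+$/.test(parts[1])) {
    throw new Error("not a compact JWT with a base64url payload");
  }
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  b64 += "=".repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Run both decoders over the same token and report what each one yields.
function demo() {
  const token = makeSampleToken(SAMPLE_CLAIMS);
  let lossyError = null;
  try { lossyPayloadDecode(token); } catch (e) { lossyError = e.name; }
  return {
    segment: token.split(".")[1],
    lossyError,
    fixedSub: getJwtPayloadSafe(token).sub,
  };
}

console.log(demo());
```

Decoding the payload in the browser only reads the claims; the signature is not checked by either function, so token validation remains a server-side responsibility.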