[
https://issues.apache.org/jira/browse/NIFI-13326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17850875#comment-17850875
]
David Handermann commented on NIFI-13326:
-----------------------------------------
Thanks for highlighting this issue [~nightgryphon]. It is worth noting that the
new UI no longer decodes the JWT, and the current {{nifi-web-ui}} is slated for
removal in the next milestone release of 2.0.0. For that reason, this should be
effectively resolved soon with the transition to the new UI.
> UI web token (JWT) decoding error
> ---------------------------------
>
> Key: NIFI-13326
> URL: https://issues.apache.org/jira/browse/NIFI-13326
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
> Affects Versions: 2.0.0-M2, 2.0.0-M3
> Environment: Linux Ubuntu 22.04
> Reporter: Night Gryphon
> Priority: Major
>
> With some combinations of JWT contents UI can not decode received JWT because
> different base64 modifications are used by server and client.
> At the server side JWT is generated using URL-SAFE base64 encoding which
> replace '+' and '/' characters with '-' and '_' respectively.
> But at UI side JWT is decoded with JQuery standard base64 decode function as
> regular non URL-Safe data and '-' and '_' characters are dropped by incoming
> filter which corrupts encoded data.
> As an example the UI script nf-login-all.js (and some other) declare function
> getJwtPayload which call JQuery base 64 decode without appopriate JWT data
> preparation by replacing '-' and '_' characters back to '+' and '/'. This
> cause JWT data loss and javascript fails at decoding JWT json data
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
