Parsing fails on android platform

Question

Parsing fails on android platform

mikosik opened this issue 9 years ago · comments

Parsin JWT string using jjwt-0.5 fails on android platform.
jjwt library is added to android project as gradle dependency.

compile 'io.jsonwebtoken:jjwt:0.5'

Following code

    String json = "{ \"name\" : \"John\"}";
    String jwt = Jwts.builder().setPayload(json).compact();
    System.out.println("JWT = " + jwt);
    String name = Jwts.parser().parseClaimsJwt(jwt).getBody().get("name").toString();
    System.out.println("name = " + name);

works correctly on desktop JDK producing following output

JWT = eyJhbGciOiJub25lIn0.eyAibmFtZSIgOiAiSm9obiJ9.
name = John

However when the same code is run on android (Nexus-5 device running android 5.1.1) if fails with exception thrown from parseClaimsJwt method:

JWT = eyJhbGciOiJub25lIn0.eyAibmFtZSIgOiAiSm9obiJ9.

 Caused by: io.jsonwebtoken.UnsupportedJwtException: Signed JWSs are not supported.
    at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJwt(DefaultJwtParser.java:365)
    at com.example.MainActivity.onCreate(MainActivity.java:53)
    at android.app.Activity.performCreate(Activity.java:5990)
    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1106)
    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2278)
    ... 10 more
 Caused by: java.lang.IllegalArgumentException: bad base-64
    at android.util.Base64.decode(Base64.java:161)
    at android.util.Base64.decode(Base64.java:136)
    at android.util.Base64.decode(Base64.java:118)
    at io.jsonwebtoken.impl.AndroidBase64Codec.decode(AndroidBase64Codec.java:28)
    at io.jsonwebtoken.impl.Base64UrlCodec.decode(Base64UrlCodec.java:78)
    at io.jsonwebtoken.impl.AbstractTextCodec.decodeToString(AbstractTextCodec.java:36)
    at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:161)
    at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:325)
    at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJwt(DefaultJwtParser.java:358)

It looks to me that android.util.Base64.decode() method (that is used internally by jjwt) requires input to contain padding characters (=) (or it just needs to be configured/called different way).
If I modify JWT string passed to parseClaimsJwt method by adding missing padding character (=) then it works correctly on android. Following code (with = added in proper place inside JWT string)

    String jwt = "eyJhbGciOiJub25lIn0=.eyAibmFtZSIgOiAiSm9obiJ9.";
    String name = Jwts.parser().parseClaimsJwt(jwt).getBody().get("name").toString();
    System.out.println("name = " + name);

... produces expected result:

name = John

I glimpsed quickly through the jjwt code and line https://github.com/mikosik/jjwt/blob/master/src/main/java/io/jsonwebtoken/impl/Base64UrlCodec.java#L85 looks fishy to me.
It is:

  int paddingCount = chars.length % 4;

but I guess it should be

  int paddingCount = 4 - chars.length % 4;

Les Hazlewood · Answer 1 · Fri Jun 26 2015 08:23:53 GMT+0800 (China Standard Time)

Thanks for the report! This should be relatively easy to fix.

Les Hazlewood · Answer 2 · Sat Jun 27 2015 02:52:25 GMT+0800 (China Standard Time)

The PR for this was successful and merged to master. The fix will be in the 0.5.1 release.

Les Hazlewood · Answer 3 · Sat Jun 27 2015 04:50:24 GMT+0800 (China Standard Time)

This has been released as 0.5.1. Please allow 1 to 2 hours for the release artifact to appear in Maven Central. Cheers!

Marcin Mikosik · Answer 4 · Sun Jun 28 2015 15:33:49 GMT+0800 (China Standard Time)

@lhazlewood Great! Thanks for a quick response and fix. 🙇