0

I must be missing something. I am using the JJWT library to create JWTs. The JWTs are created inconsistently from the library depending on the data set in the claims. My code:

Date now = new Date();
Date expiration = new Date(now.getTime() + TimeUnit.MINUTES.toMillis(30));

Claims claims = Jwts.claims();

JSONObject jsonObject = new JSONObject();
jsonObject.put("serviceName1", "serviceStatus1");
jsonObject.put("serviceName2", "serviceStatus2");
claims.put("services",jsonObject);

claims.setSubject("225544");
claims.setExpiration(expiration);
claims.setId(UUID.randomUUID().toString());
claims.setIssuedAt(now);

return Jwts.builder()
    .setClaims(claims)
    .signWith(SignatureAlgorithm.HS256, Base64.encodeBase64(secret.getBytes()))
    .compact();

This code creates a JWT and signs it correctly. However, when the payload is decoded, the payload value is not always valid JSON. Most often it is missing the closing } causing any parsing of it to fail. If the Subject is 8 characters, it works fine. If it is 7 or 6 characters long, it is invalid JSON. Or if I add other tags to the claim, sometimes it works and sometimes it doesn't. Am I doing something wrong?

I have also tried using Auth0 java-JWT library and get similar results, Payload not always valid JSON.

Improve this question
3
  • 2
    Try claims.put("services", jsonObject.toString ()); or use a Map. Commented Feb 28, 2017 at 0:57
  • What library are you using for JSONObject? Probably is a problem encoding the JSON object to string. Commented Feb 28, 2017 at 8:57
  • Trying .toString() did not help. I am using net.sf.json-lib as the library. Instead of fighting with it more, I decided it was easier to build the tokens manually, then still validate them through the library. Thanks for helping Commented Feb 28, 2017 at 20:10

3 Answers 3

Reset to default
2

Please instead of JSONObject try Map<String,String>

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Ultimately, I could not get the JJWT library working how I wanted. As such, I implemented a simple hashing algorithm and jwt creator manually. Here is what that looks like:

    Date now = new Date();
    //Valid only for 30 minutes
    Date expiration = new Date(now.getTime() + TimeUnit.MINUTES.toMillis(30));

    JSONObject header = new JSONObject();
    JSONObject payload = new JSONObject();

    header.put("alg", "HS256");

    payload.put("sub", "ourSubject");
    payload.put("exp", expiration.getTime() / 1000);
    payload.put("jti", UUID.randomUUID().toString());
    payload.put("iat", now.getTime() / 1000);
    payload.put("services", "JSON object of our custom data needed in authorization (not authentication");
    String signature = "";

    StringBuilder token = new StringBuilder();
    token.append(new String(Base64.encodeBase64(header.toString().getBytes())));
    token.append(".");
    token.append(new String(Base64.encodeBase64(payload.toString().getBytes())));
    try {
        Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
        SecretKeySpec secret_key = new SecretKeySpec(Base64.encodeBase64((secret + otherPartOfSecret).getBytes()), "HmacSHA256");
        sha256_HMAC.init(secret_key);

        signature = new String(Base64.encodeBase64(sha256_HMAC.doFinal(token.toString().getBytes())));
    } catch (Exception e) {
        System.out.println("Error");
    }

    token.append(".");
    token.append(signature);

    return token.toString();
Improve this answer

Comments

0

You can use the toMap() method to solve this issue.

The code from your example will then look like this:

JSONObject jsonObject = new JSONObject();
jsonObject.put("serviceName1", "serviceStatus1");
jsonObject.put("serviceName2", "serviceStatus2");
claims.put("services",jsonObject.toMap());

This will result in the following claim in the JWT.

"services": {
    "serviceName1": "serviceStatus1",
    "serviceName2": "serviceStatus2"
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.