isSigned returns true if normal JSON provided or signed with different key #582
Thanks for the issue! That method is intended to be used for checking strings reasonably expected to be compact JWT strings - not generic JSON. Based on the confusion, it is probable that others experience it as well, so it's likely we'll deprecate this method in favor of parsing directly - or perhaps at least change the implementation to delegate to parsing, catch a If we do keep it, some thought needs to be put into a changed implementation however to ensure that the implementation is feasible, especially given that encrypted JWTs (JWEs) are also usually signed in addition to being encrypted. (i.e. I think it makes sense to keep this ticket open to represent the work to make that change. Thanks for reporting it!
I've two problems with the `boolean isSigned(String jwt)` method:

The following function call returns true if I provide a normal JSON (NOT a signed JWT):

If I change the method calls to the following:

a `io.jsonwebtoken.MalformedJwtException: JWT strings must contain exactly 2 period characters. Found: 14` is thrown (which is the expected behavior).

As `json` a valid JSON is provided (NOT a JWT, maybe it can be any string?), e.g.

If I provide a valid JWT, signed with a different private key, `isSigned` also returns true.

From the doc:

Do I understand this method in a wrong way? I just want to check if a string is a JWT signed with the corresponding key. In my opinion `isSigned` should return false in both cases.

At a different code location I use `parseClaimsJws`, that works great 😍

As version I use the latest 0.11.1
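The check the reporter asks for (is this string a JWT signed with the expected key?) is what `parseClaimsJws` performs, so one way to get a yes/no answer is to wrap it and treat every parse or verification failure as "no". This is an added example, not code from the issue or from the JJWT project; it assumes JJWT 0.11.x on the classpath, and the class name, the `verifiedClaims` helper, the sample keys and the sample JSON are constructed for illustration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;

import java.security.Key;
import java.util.Optional;

public class VerifyInsteadOfIsSigned {

    /** Hypothetical helper: claims are returned only if the signature verifies under {@code key}. */
    static Optional<Claims> verifiedClaims(String candidate, Key key) {
        try {
            Jws<Claims> jws = Jwts.parserBuilder()
                    .setSigningKey(key)
                    .build()
                    .parseClaimsJws(candidate);
            return Optional.of(jws.getBody());
        } catch (JwtException | IllegalArgumentException e) {
            // Malformed input, unsigned JWT, wrong key, bad signature, expired
            // token, or a null/empty string: none of these is a trusted token.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        Key ourKey = Keys.secretKeyFor(SignatureAlgorithm.HS256);   // constructed sample key
        Key otherKey = Keys.secretKeyFor(SignatureAlgorithm.HS256); // a different key

        String ours = Jwts.builder().setSubject("alice").signWith(ourKey).compact();
        String foreign = Jwts.builder().setSubject("alice").signWith(otherKey).compact();
        String plainJson = "{\"a\":1.5,\"b\":2.5,\"c\":\"x.y\"}"; // constructed; not a JWT

        // isSigned needs no key, so it cannot tell whose signature is present.
        JwtParser structural = Jwts.parserBuilder().build();
        for (String s : new String[] {ours, foreign, plainJson}) {
            System.out.printf("isSigned=%-5b verified=%b%n",
                    structural.isSigned(s), verifiedClaims(s, ourKey).isPresent());
        }
    }
}
```

Authorization decisions should depend on the `verifiedClaims` result only; `isSigned` is printed here purely to compare the two answers on the same inputs.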