Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`` (jti) isn't been populated with `OpenIdClaims.jti` value

See original GitHub issue

Describe the bug (jti) isn’t been populated with OpenIdClaims.jti value

Code sample

		sub="00000000-0000-0000-0000-000000000000", jti="00000000-0000-0000-0000-000000000000", sessionState="00000000-0000-0000-0000-000000000000",
		otherClaims=Claims(stringClaims=[StringClaim(name="id_institucional", value="aa91613e-34b2-488a-94ef-09ac5bef1904")])
fun sampleTest() {}

If I check the id of Jwt, it appears null:

val authenticationJwt = authentication as JwtAuthenticationToken
val principal = authenticationJwtprincipal as Jwt == null

Tested in

  • Spring Boot 2.6.1
  • com.c4-soft.springaddons:spring-security-oauth2-test-webmvc-addons:3.1.7-jdk17
  • org.springframework.boot:spring-boot-starter-oauth2-resource-server (the version is based on Spring Boot version)

Expected behavior be populated based in jti value.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

ch4mpycommented, Dec 21, 2021

@SrMouraSilva release 3.1.8 done.

It usually takes about two hours for the libs to be transfered to

ch4mpycommented, Dec 21, 2021

This looks like a bug. Will have a look ASAP.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to use jti claim in a JWT - node.js - Stack Overflow
The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures...
Read more >
jti time not honored once JWT is used in z/OS Connect ... - IBM
The JWT jti (JWT ID) claim is usually used to prevent replay attacks by preventing the same JWT from being replayed.
Read more >
Microsoft identity platform access tokens
Token identifier claim, equivalent to jti in the JWT specification. Unique, per-token identifier that is case-sensitive. rh, Opaque String, An ...
Read more >
This claim identifies the time at which the JWT access token was issued. jti REQUIRED - as defined in Section 4.1.7 of [RFC7519]....
Read more >
How does JTI prevent a JWT from being replayed?
Or only when a new token is generated? The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found