`Jwt.id` (jti) isn't being populated with `OpenIdClaims.jti` value


Describe the bug

`Jwt.id` (jti) isn't being populated with the `OpenIdClaims.jti` value.

Code sample

```kotlin
@WithMockJwtAuth(
    claims=OpenIdClaims(
        sub="00000000-0000-0000-0000-000000000000",
        jti="00000000-0000-0000-0000-000000000000",
        sessionState="00000000-0000-0000-0000-000000000000",
        otherClaims=Claims(stringClaims=[StringClaim(name="id_institucional", value="aa91613e-34b2-488a-94ef-09ac5bef1904")])
    )
)
fun sampleTest() {}
```

If I check the id of Jwt, it appears null:

```kotlin
val authenticationJwt = authentication as JwtAuthenticationToken
val principal = authenticationJwt.principal as Jwt

principal.id == null
```

Tested in

  • Spring Boot 2.6.1
  • com.c4-soft.springaddons:spring-security-oauth2-test-webmvc-addons:3.1.7-jdk17
  • org.springframework.boot:spring-boot-starter-oauth2-resource-server (the version is based on Spring Boot version)

Expected behavior

`Jwt.id` should be populated based on the jti value.

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

1 reaction
ch4mpy commented, Dec 21, 2021

@SrMouraSilva release 3.1.8 done.

It usually takes about two hours for the libs to be transferred to https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-security-oauth2-test-addons/

1 reaction
ch4mpy commented, Dec 21, 2021

This looks like a bug. Will have a look ASAP.
