Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

It is not possible to get the claims and the JWT parameters without verify

See original GitHub issue

A verifier is mandatory to get the access to the JWT fields, but if i’m in the client side and i want read informations from JWT is not possibile decode the payload without verification:

byte[] payload = Base64.getUrlDecoder().decode( authResult.getAccessToken().split( "\\." )[ 1 ] );
JWT jwt = Mapper.deserialize( payload, JWT.class );

some helpers could be useful.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:6 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
robotdancommented, Feb 23, 2019

See commit 4e5d4d08fa9f672afda0b28f8b971f33a61b099a, added JWTUtils. decodePayload - will this work for you?

0reactions
robotdancommented, Feb 23, 2019

Great, thanks for the feedback. I also added JWTUtils.decodeHeader if that is of use. Released and available in version 3.0.2.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How To Validate a JWT Token
When a token is posted to the server, it must be validated to check if anyone has tempered the token or not. Lack...
Read more >
Troubleshooting JWT validation
Check that the "iss" (issuer) claim in your JWT token matches the first parameter of the endpoints.Issuer object. Error: Audience not allowed.
Read more >
JSON Web Token Claims
JSON web tokens (JWTs) claims are pieces of information asserted about a subject. For example, an ID token (which is always a JWT...
Read more >
JSON Web Token Introduction - jwt.io
Although JWTs can be encrypted to also provide secrecy between parties, we will focus on signed tokens. Signed tokens can verify the integrity...
Read more >
Validate JWT (jwt-validate)
Not all claims that are in the JWT must be validated, but if any one of the claims that are specified in the...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Accept leeway while checking expiration

Next page

Wrappers not generated with KSP when using embedAndSignAppleFrameworkForXcode