Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Deprecate JwtParserBuilder#setSigningKey(String)

See original GitHub issue

Hello. I noticed the code:

   @Deprecated
   JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey) throws InvalidKeyException;

in the doc, this api will be removed in 1.0 realease, and recommend user to use JwtBuilder signWith(Key key, SignatureAlgorithm alg) throws InvalidKeyException; to replace the old api.

so we need to buid the key as follow: SecretKey secretKey = Keys.hmacShaKeyFor(Decoders.BASE64.decode(base64EncodedSecretKey));

but the code JwtParserBuilder setSigningKey(String base64EncodedSecretKey); doesn’t deprecated. it will transfer string to base64 byte array by framework. if user use Keys.hmacShaKeyFor(byte[] bytes), but the byte[] not decoded by base64, the error will occur.

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:13 (6 by maintainers)

github_iconTop GitHub Comments

2reactions
mrtscommented, Sep 16, 2020

Hi @lhazlewood ! Thank you, it definitely does help! Can I vote for @FunctionalInterface for the upcoming VerificationKeyResolver(s) so that lambdas can be used?

It would be awesome if I could write something along the lines of the following:

var parser = Jwts.parserBuilder()
                 .setVerificationKeyResolver((header, claims) ->
                                                 parseCertificate(header.get("x5c")).getPublicKey())
                 .build();
parser.parseClaimsJws(jwt);
1reaction
mrtscommented, Apr 27, 2022

Slightly unrelated to this issue, but @mrts, when using “x5c” for signature validation you have to verify the ceritificate chain for that certificate, as mentioned in RFC 7515 you linked:

Thanks for bringing this up, absolutely!

Here’s how we do it in the Web eID project: link.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to fix parser() is deprecated and 'setSigningKey(java ...
this is the error I am facing in here. public boolean validateToken(String jwt){ Jwts.parser ...
Read more >
Deprecated List (JJWT :: API 0.11.2 API) - javadoc.io
setSigningKey (String) . To construct a JwtParser use the corresponding builder via Jwts.parserBuilder() . This will construct an immutable JwtParser. NOTE: this ...
Read more >
io.jsonwebtoken.JwtParser.setSigningKey java code examples
Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not a JWS (no signature),...
Read more >
setsigningkey deprecated | The Search Engine You Control
jwtk/jjwtDeprecate JwtParserBuilder#setSigningKey(String)#617 ... According to this documentation, Jwts.parserBuilder() is what has replaced Jwts.parser() ...
Read more >
io.jsonwebtoken.JwtParser Java Examples - ProgramCreek.com
setSigningKey (publicKey); if (clock != null) { parser = parser.setClock(clock); } Jws<Claims> claims = parser .parseClaimsJws(jwt); String mobile = claims.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

graal support?

Next page

Integer claim fails with GSON