Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Obtain claim as POJO

See original GitHub issue

Currently DefaultClaims.get(String, Class) does a bit of date foo or casts the value removed from the claim map. It would be great if the claims object retained the original JSON (perhaps an internal Map<String, JsonNode>) and used jackson to deserialize it into the passed class. This might be useful when a claim value is an object, or alternative json types (like BigDecimal), or to allow extensions into things jjwt doesn’t support (like java 8 Optional).

Does this seem like a valid feature candidate?

Issue Analytics

State:
Created 7 years ago
Reactions:1
Comments:6 (3 by maintainers)

Top GitHub Comments

6reactions

nrktktcommented, Sep 14, 2016

So I’d propose adding another method, JsonNode getJson(String) to retrieve the original JSON value of a claim field. This way all manner of mapping can be covered by the user without adding to jjwt.
The existing get(String, Class) method could be modified to look something like this

public <T> T get(String claimName, Class<T> requiredType) {
  Object value = get(claimName);
  if (value == null) { return null; }

  if (Claims.EXPIRATION.equals(claimName) ||
    Claims.ISSUED_AT.equals(claimName) ||
    Claims.NOT_BEFORE.equals(claimName)
  ) {
    value = getDate(claimName);
  }

  if (requiredType == Date.class && value instanceof Long) {
    value = new Date((Long)value);
  }

  if (!requiredType.isInstance(value)) {
    try{
      return mapper.treeToValue(getJson(claimName), requiredType);
    }catch(JsonProcessingException e){
      throw new RequiredTypeException("Expected value to be of type: " + requiredType + ", but was " + value.getClass());
    }
  }

  return requiredType.cast(value);
}

This could be implemented by adding a field Map<String, JsonNode> json to JwtMap or DefaultClaims. getJson(String) would then simply return values from json.

This addition to get(String, Class) doesn’t change any existing use cases, but gives one more chance to return without exception. getJson(String) then covers the rest of cases where the user has complex mapping and needs to use their own mapper.
While serializing an object to a string and putting that in the claim is easily supported most places, not all JWTs a user could receive will be issued by them. For example, OpenID Connect specifies address as a standard claim, which is an object. If I wanted to build an OpenID Connect library on jjwt, I’d probably want to turn that into an AddressClaim pojo (of course I could get it as a map and map that map to my pojo, but I think most would rather just work with the json).

What do you think?

0reactions

lhazlewoodcommented, Mar 10, 2019

Closing this as a duplicate of #369.