Signed JWSs/JWTs are not supported
When I use Jwts.parser().parsePlaintextJws(token) on one of my tokens, I get an exception with something like “Signed JWSs/JWTs are not supported”.
That doesn’t make much sense to me. Am I doing this wrong?
I want to look at my own token on the client, to read the fields. I can’t give the secret to the client. Will I need to use a different library? What is the reason that I can’t read fields in a signed token if the token isn’t encrypted?
https://jwt.io/ can read all fields.
Issue Analytics
- State:
- Created 7 years ago
- Comments:7 (2 by maintainers)
Top GitHub Comments
Oh I think I misread your first comment when I saw it initially. So the idea behind JWT is that you rely on the signature to tell you whether the token you have is valid or not. If you can’t verify the signature then you shouldn’t trust any of its contents. If you can’t give your client the private key you’re using to sign the keys, perhaps consider using an asymmetric signing algorithm such as RS256 so that your server can have the private key and you can give your client(s) the public key. For more on this topic, you can check out this StackOverflow post.
Closing per @gposcidonio and @dogeared's last comments. Also note that the term ‘plaintext jwt’ is no longer valid upon finalization of RFC 7519 (they removed that term and the support for arbitrary text payloads and now have only JSON Claims Set payloads that may be secure or unsecure). We’ll remove ‘parsePlaintext*’ method variants from JJWT before the 1.0 final release to stay consistent with the RFC.
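The RS256 arrangement suggested in the comments above, as an added example that is not part of the original thread and is not JJWT code: it uses only JDK classes, so it does not depend on any JJWT version. The class name, the key pair generated in `main`, and the claims are constructed for illustration; the server keeps the private key, the client holds only the public key and reads the claims after the signature verifies.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class Rs256ClientVerify {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // Server side: sign "header.payload" with the private key (RS256 = RSASSA-PKCS1-v1_5 with SHA-256).
    static String sign(String payloadJson, PrivateKey key) throws GeneralSecurityException {
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        String input = ENC.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
                + ENC.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + ENC.encodeToString(s.sign());
    }

    // Client side: return the claims JSON only if the signature verifies with the public key.
    static String verifyAndRead(String token, PublicKey key) throws GeneralSecurityException {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3 || parts[2].isEmpty()) throw new SignatureException("not a signed compact JWS");
        String header = new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
        // Pin the algorithm instead of trusting the header (a real client would parse the JSON).
        if (!header.contains("\"alg\":\"RS256\"")) throw new SignatureException("unexpected alg");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        if (!s.verify(DEC.decode(parts[2]))) throw new SignatureException("bad signature");
        return new String(DEC.decode(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed key pair for the demo
        String token = sign("{\"sub\":\"alice\",\"role\":\"user\"}", kp.getPrivate());
        System.out.println(verifyAndRead(token, kp.getPublic()));
        // Constructed tampered token: swapped payload, original signature. Must be rejected.
        String[] p = token.split("\\.");
        String forged = p[0] + "." + ENC.encodeToString(
                "{\"sub\":\"alice\",\"role\":\"admin\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        try { verifyAndRead(forged, kp.getPublic()); }
        catch (SignatureException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```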