[
https://issues.apache.org/jira/browse/OLTU-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Antonio Sanso updated OLTU-200:
-------------------------------
Component/s: oauth2-common
> Wrong regex in TokenReader
> --------------------------
>
> Key: OLTU-200
> URL: https://issues.apache.org/jira/browse/OLTU-200
> Project: Apache Oltu
> Issue Type: Bug
> Components: oauth2-common
> Reporter: Antonio Sanso
> Assignee: Simone Tripodi
>
> The regex in TokenReader [0] doesn't comply with the JWS spec.
> The spec [1] says:
> {code}
> BASE64URL(UTF8(JWS Protected Header)) || '.' ||
> BASE64URL(JWS Payload) || '.' ||
> BASE64URL(JWS Signature)
> {code}
> while the impl regex is
> {code}
> private final Pattern base64urlTokenPattern =
> Pattern.compile("([a-zA-Z0-9/+=]+)\\.([a-zA-Z0-9/+=]+)\\.(.+)");
> {code}
> it should be rather
> {code}
> private final base64urlTokenPattern =
> Pattern.compile("([a-zA-Z0-9-_=]+)\\.([a-zA-Z0-9-_=]+)\\.([a-zA-Z0-9-_=]+)
> {code}
> [0]
> https://github.com/apache/oltu/blob/trunk/commons/encodedtoken/src/main/java/org/apache/oltu/commons/encodedtoken/TokenReader.java#L30
> [1] https://tools.ietf.org/html/rfc7515
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
