[
https://issues.apache.org/jira/browse/CXF-7760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16510912#comment-16510912
]
Juan commented on CXF-7760:
---------------------------
Thanks for the quick response. I am getting the JWT from cognito. See this:
String keyId = "4pZbe4shQQGzZXHbeIlbDvmHOc1/H6jH6oBk3nUrcZE=";
String jwt =
"eyJraWQiOiI0cFpiZTRzaFFRR3paWEhiZUlsYkR2bUhPYzFcL0g2akg2b0JrM25VcmNaRT0iLCJhbGciOiJSUzI1NiJ9.nevermindtheclaims.orthesignature";
JwsCompactConsumer consumer = new JwsJwtCompactConsumer(jwt);
assertEquals(keyId, consumer.getJwsHeaders()
.asMap()
.get("kid"));
> JOSE: JwsCompactConsumer parsing headers issue
> ----------------------------------------------
>
> Key: CXF-7760
> URL: https://issues.apache.org/jira/browse/CXF-7760
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.1.13
> Reporter: Juan
> Priority: Major
>
> When using the JwsCompactConsumer with a compact JWT whose kid contains a
> slash, the json parser escapes it, which causes issues later on while
> matching the kid to the one specified in the JWKS. For example:
> Header:
> {
> "kid": "4pZbe4shQQGzZXHbeIlbDvmHOc1/H6jH6oBk3nUrcZE=",
> "alg": "RS256"
> }
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
