[
https://issues.apache.org/jira/browse/CXF-7760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16511301#comment-16511301
]
Colm O hEigeartaigh commented on CXF-7760:
------------------------------------------
I think the problem is with the token itself. For example not using any CXF
APIs:
String part1 =
"eyJraWQiOiI0cFpiZTRzaFFRR3paWEhiZUlsYkR2bUhPYzFcL0g2akg2b0JrM25VcmNaRT0iLCJhbGciOiJSUzI1NiJ9";
byte[] bytes = java.util.Base64.getDecoder().decode(part1);
System.out.println(new String(bytes, StandardCharsets.UTF_8));
yields:
{"kid":"4pZbe4shQQGzZXHbeIlbDvmHOc1\/H6jH6oBk3nUrcZE=","alg":"RS256"}
Here you can see the forward slash in the kid is already encoded in the token.
> JOSE: JwsCompactConsumer parsing headers issue
> ----------------------------------------------
>
> Key: CXF-7760
> URL: https://issues.apache.org/jira/browse/CXF-7760
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.1.13
> Reporter: Juan
> Priority: Major
>
> When using the JwsCompactConsumer with a compact JWT whose kid contains a
> slash, the json parser escapes it, which causes issues later on while
> matching the kid to the one specified in the JWKS. For example:
> Header:
> {
> "kid": "4pZbe4shQQGzZXHbeIlbDvmHOc1/H6jH6oBk3nUrcZE=",
> "alg": "RS256"
> }
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
