[jira] [Comment Edited] (OFBIZ-10814) Error parsing JWT

Fri, 18 Jan 2019 19:14:24 -0800 


    [ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16746926#comment-16746926
 ] 

Jacques Le Roux edited comment on OFBIZ-10814 at 1/19/19 3:13 AM:
------------------------------------------------------------------

Yes, that's what I saw: refactoring in ExternalLoginKeysManager. Now about:
bq. I also think that we should disable this feature OOTB because it allows a 
login using a generated JWT and the default secret along with well known 
userLoginId's. This should be switched on by an administrator, with a 
configured secret. We cannot rely on the assumption that users find this 
functionality and secure their platform accordingly.

At what feature do you specifically think? The one in example component which 
allows to jump from a localhost to the demo trunk instance w/ a kind of SSO?



was (Author: jacques.le.roux):
Yes, that's what I saw refactoring in ExternalLoginKeysManager. Now about
bq. I also think that we should disable this feature OOTB because it allows a 
login using a generated JWT and the default secret along with well known 
userLoginId's. This should be switched on by an administrator, with a 
configured secret. We cannot rely on the assumption that users find this 
functionality and secure their platform accordingly.

At what feature do you specifically think? The one in example component which 
allows to jump from a localhost to the demo trunk instance w/ a kind of SSO?


> Error parsing JWT
> -----------------
>
>                 Key: OFBIZ-10814
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10814
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Michael Brohl
>            Assignee: Michael Brohl
>            Priority: Major
>         Attachments: Apache OFBiz JWT Test.postman_collection.json, 
> OFBIZ-10814_JWT_parsing_error.patch
>
>
> I have problems using the Authorization: Bearer header value for requests 
> towards OFBiz. OFBiz has problems parsing externally generated JSON Web 
> Tokens.
> I have generated them using both [1] and [2] using HS512 and the default 
> secret.
> The JWT check fails because of a parsing error:
> {noformat}
> 2019-01-17 16:48:36,233 |jsse-nio-8443-exec-7 |JavaEventHandler              
> |E| Problems Processing Event
> io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: 
> �z��'G�#�$�uB"�&�r#�$�3S"
>     at 
> io.jsonwebtoken.impl.DefaultJwtParser.readValue(DefaultJwtParser.java:554) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:252) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at 
> io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541)
>  ~[jjwt-0.9.1.jar:0.9.1]
>     at 
> org.apache.ofbiz.webapp.control.JWTManager.validateToken(JWTManager.java:124) 
> ~[ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.ExternalLoginKeysManager.jwtValidation(ExternalLoginKeysManager.java:292)
>  ~[ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.ExternalLoginKeysManager.checkJWTLogin(ExternalLoginKeysManager.java:196)
>  ~[ofbiz.jar:?]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[?:1.8.0_152]
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_152]
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[?:1.8.0_152]
>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_152]
>     at 
> org.apache.ofbiz.webapp.event.JavaEventHandler.invoke(JavaEventHandler.java:86)
>  [ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:774)
>  [ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:407)
>  [ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:208) 
> [ofbiz.jar:?]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:645) 
> [javax.servlet-api-4.0.1.jar:4.0.1]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) 
> [javax.servlet-api-4.0.1.jar:4.0.1]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:191)
>  [ofbiz.jar:?]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.ofbiz.webapp.control.ControlFilter.doFilter(ControlFilter.java:156)
>  [ofbiz.jar:?]
>     at javax.servlet.http.HttpFilter.doFilter(HttpFilter.java:127) 
> [javax.servlet-api-4.0.1.jar:4.0.1]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) 
> [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) 
> [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) 
> [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) 
> [tomcat-coyote-9.0.13.jar:9.0.13]
>     at 
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>  [tomcat-coyote-9.0.13.jar:9.0.13]
>     at 
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
>  [tomcat-coyote-9.0.13.jar:9.0.13]
>     at 
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
>  [tomcat-coyote-9.0.13.jar:9.0.13]
>     at 
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>  [tomcat-coyote-9.0.13.jar:9.0.13]
>     at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  [?:1.8.0_152]
>     at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  [?:1.8.0_152]
>     at 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>  [tomcat-util-9.0.13.jar:9.0.13]
>     at java.lang.Thread.run(Thread.java:748) [?:1.8.0_152]
> Caused by: com.fasterxml.jackson.core.JsonParseException: Illegal character 
> ((CTRL-CHAR, code 5)): only regular white space (\r, \n, \t) is allowed 
> between tokens
>  at [Source: (String)"�z��'G�#�$�uB"�&�r#�$�3S""; line: 1, column: 2]
>     at 
> com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1804) 
> ~[jackson-core-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:669)
>  ~[jackson-core-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.core.base.ParserMinimalBase._throwInvalidSpace(ParserMinimalBase.java:620)
>  ~[jackson-core-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.core.json.ReaderBasedJsonParser._skipWSOrEnd(ReaderBasedJsonParser.java:2350)
>  ~[jackson-core-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:646)
>  ~[jackson-core-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:4141)
>  ~[jackson-databind-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4000)
>  ~[jackson-databind-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3004) 
> ~[jackson-databind-2.9.6.jar:2.9.6]
>     at 
> io.jsonwebtoken.impl.DefaultJwtParser.readValue(DefaultJwtParser.java:552) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     ... 42 more
> 2019-01-17 16:48:36,237 |jsse-nio-8443-exec-7 |RequestHandler                
> |E| null
> org.apache.ofbiz.webapp.event.EventHandlerException: Problems processing 
> event: io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: 
> �z��'G�#�$�uB"�&�r#�$�3S" (Unable to read JSON value: 
> �z��'G�#�$�uB"�&�r#�$�3S")
>     at 
> org.apache.ofbiz.webapp.event.JavaEventHandler.invoke(JavaEventHandler.java:94)
>  ~[ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:774)
>  ~[ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:407)
>  [ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:208) 
> [ofbiz.jar:?]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:645) 
> [javax.servlet-api-4.0.1.jar:4.0.1]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) 
> [javax.servlet-api-4.0.1.jar:4.0.1]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:191)
>  [ofbiz.jar:?]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.ofbiz.webapp.control.ControlFilter.doFilter(ControlFilter.java:156)
>  [ofbiz.jar:?]
>     at javax.servlet.http.HttpFilter.doFilter(HttpFilter.java:127) 
> [javax.servlet-api-4.0.1.jar:4.0.1]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) 
> [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) 
> [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) 
> [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) 
> [tomcat-coyote-9.0.13.jar:9.0.13]
>     at 
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>  [tomcat-coyote-9.0.13.jar:9.0.13]
>     at 
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
>  [tomcat-coyote-9.0.13.jar:9.0.13]
>     at 
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
>  [tomcat-coyote-9.0.13.jar:9.0.13]
>     at 
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>  [tomcat-coyote-9.0.13.jar:9.0.13]
>     at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  [?:1.8.0_152]
>     at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  [?:1.8.0_152]
>     at 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>  [tomcat-util-9.0.13.jar:9.0.13]
>     at java.lang.Thread.run(Thread.java:748) [?:1.8.0_152]
> Caused by: io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: 
> �z��'G�#�$�uB"�&�r#�$�3S"
>     at 
> io.jsonwebtoken.impl.DefaultJwtParser.readValue(DefaultJwtParser.java:554) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:252) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at 
> io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541)
>  ~[jjwt-0.9.1.jar:0.9.1]
>     at 
> org.apache.ofbiz.webapp.control.JWTManager.validateToken(JWTManager.java:124) 
> ~[ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.ExternalLoginKeysManager.jwtValidation(ExternalLoginKeysManager.java:292)
>  ~[ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.ExternalLoginKeysManager.checkJWTLogin(ExternalLoginKeysManager.java:196)
>  ~[ofbiz.jar:?]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[?:1.8.0_152]
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_152]
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[?:1.8.0_152]
>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_152]
>     at 
> org.apache.ofbiz.webapp.event.JavaEventHandler.invoke(JavaEventHandler.java:86)
>  ~[ofbiz.jar:?]
>     ... 31 more
> Caused by: com.fasterxml.jackson.core.JsonParseException: Illegal character 
> ((CTRL-CHAR, code 5)): only regular white space (\r, \n, \t) is allowed 
> between tokens
>  at [Source: (String)"�z��'G�#�$�uB"�&�r#�$�3S""; line: 1, column: 2]
>     at 
> com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1804) 
> ~[jackson-core-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:669)
>  ~[jackson-core-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.core.base.ParserMinimalBase._throwInvalidSpace(ParserMinimalBase.java:620)
>  ~[jackson-core-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.core.json.ReaderBasedJsonParser._skipWSOrEnd(ReaderBasedJsonParser.java:2350)
>  ~[jackson-core-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:646)
>  ~[jackson-core-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:4141)
>  ~[jackson-databind-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4000)
>  ~[jackson-databind-2.9.6.jar:2.9.6]
>     at 
> com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3004) 
> ~[jackson-databind-2.9.6.jar:2.9.6]
>     at 
> io.jsonwebtoken.impl.DefaultJwtParser.readValue(DefaultJwtParser.java:552) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:252) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at 
> io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541)
>  ~[jjwt-0.9.1.jar:0.9.1]
>     at 
> org.apache.ofbiz.webapp.control.JWTManager.validateToken(JWTManager.java:124) 
> ~[ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.ExternalLoginKeysManager.jwtValidation(ExternalLoginKeysManager.java:292)
>  ~[ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.ExternalLoginKeysManager.checkJWTLogin(ExternalLoginKeysManager.java:196)
>  ~[ofbiz.jar:?]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[?:1.8.0_152]
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_152]
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[?:1.8.0_152]
>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_152]
>     at 
> org.apache.ofbiz.webapp.event.JavaEventHandler.invoke(JavaEventHandler.java:86)
>  ~[ofbiz.jar:?]
>     ... 31 more{noformat}
> If I create a JWT in [2] and paste it in [1] with a not Base64 encoded 
> secret, the JWT claims are displayed fine so I think they are correct and 
> parsable.
> You can test using
> {noformat}
> eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE1NDc3MzkzNDgsImV4cCI6MTU3OTI3NTM0OCwiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJFbWFpbCI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJSb2xlIjpbIk1hbmFnZXIiLCJQcm9qZWN0IEFkbWluaXN0cmF0b3IiXX0.KTZOnBj_GlZw5btWc8_8xau3pqs685idQGta9WC3WEJzk4AEeOhjyDCbT6AbOsaLcu5uKDHDphdsq9Tiea_Hpg{noformat}
>  
> Any ideas what could be wrong?
>  
> [1] [https://jwt.io/]
> [2] [http://jwtbuilder.jamiekurtz.com/]
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to