Matching jwt token against a regex

[sohailalam2]

Hey Guys,

We are facing some issues with the jsonwebtoken library when we create our own token following the JWT standards (using C language). Unfortunately the official C library doesnt compile well in our Windows environment.

After debugging for days we came to the conclusion that the regex used in the jws library verify-stream.js file does not allow for equals sign (=), hence the regex validation fails.

Currently the regex looks like as follow -

const JWS_REGEX = /^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?$/;

Suggested change is to include the (=) sign as well -

const JWS_REGEX = "^[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$";

Thanks

[omsmith]

Dupe of #22

Sorry, but your C implementation is not following the spec.

The JOSE set of standards uses "URL safe Base64".

Replace + with -, / with _, and remove all padding (=).

[sohailalam2]

@omsmith Thank you for the quick response. We will make the required chanes as suggested.

[vanillajonathan]

For reference:
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/master/src/System.IdentityModel.Tokens.Jwt/JwtConstants.cs#L58