JwtParser throws wrong exception when signing key is HMAC but token signed with RSA #438
Comments
I think I understand what you're saying - let me reformulate it to see if we're on the same page: The current exception indicates that the jws specified is an illegal argument because of how the parser was configured. But this isn't obvious because the internal parser key is expecting a different type of JWS, so that should be made more obvious/explicit with a more concrete JwtException - that explains not just that the argument was illegal, but why it was illegal. Is that correct? If so (and I think that's what you're saying), I agree with you, but we can't change runtime exception types until a major version increase (i.e. 1.0). This is because any existing logic expecting to catch As such, I can assign this to a v 1.0 tag. Please confirm.
Yes, that's correct.
Understood. Thanks for following up.
Thanks for the clarification!
@mbarkley Hey, how did you get away with this exception? May I know how you resolved it?
@NagaAtLv we catch the
@mbarkley Thanks for the prompt response. It is rather surprising: when I tried to parse the token generated through Azure AD, I can view the JSON object on jwt.io and other parsing websites... so I'm just wondering how I can get past this one.
Did you find a solution? Creating a new HmacKey with jose4j gives the exception below that one, and creating a new public/private key also gives an error.
@NagaAtLv have you got a solution for this? I am also facing the same exception while working on Azure AD.
Given:
JwtParser.setSigningKey(String base64Encoded)
.parseClaimsJws(String)
method.

Expected: JwtException of some kind.

Observed: IllegalArgumentException with the following message: "Key bytes can only be specified for HMAC signatures. Please specify a PublicKey or PrivateKey instance."
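
One way for calling code to fail closed on the behaviour reported in this issue, shown as an added example that is not part of the thread and not JJWT's own code. It assumes a JJWT release with the parser API named in the issue; `FailClosedJwsCheck`, `parseWithHmacKey` and `b64url` are hypothetical names, and the token and keys are constructed for the demo.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Base64;

public class FailClosedJwsCheck {
    // Hypothetical helper: verify with HMAC key bytes and surface every
    // rejection as JwtException, so one catch block covers all failures.
    static Jws<Claims> parseWithHmacKey(String base64Key, String jws) {
        try {
            return Jwts.parser().setSigningKey(base64Key).parseClaimsJws(jws);
        } catch (IllegalArgumentException e) {
            // Covers the "Key bytes can only be specified for HMAC signatures"
            // case from this issue; the token is rejected, never trusted.
            throw new JwtException("JWS rejected: " + e.getMessage(), e);
        }
    }

    static String b64url(byte[] bytes) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an RS256 token signed with a throwaway RSA key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair rsa = gen.generateKeyPair();
        String signingInput = b64url("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64url("{\"sub\":\"constructed\"}".getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(rsa.getPrivate());
        signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        String rsaToken = signingInput + "." + b64url(signer.sign());

        // Constructed HMAC key bytes (all zeros, for the demo only).
        String hmacKey = Base64.getEncoder().encodeToString(new byte[32]);
        try {
            parseWithHmacKey(hmacKey, rsaToken);
            System.out.println("accepted");
        } catch (JwtException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```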