auth0 / jwtdecode.android Goto Github PK

Checklist

• I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

The license today points to https://raw.githubusercontent.com/auth0/jwtdecode.android/master/LICENSE I would like to suggest to change url to the well known https://spdx.org/licenses/MIT.html url.

This make tools like cashapp's licensee gradle plugin to recognice what license that is being used.

Describe the ideal solution

Change URL to license file

Alternatives and current workarounds

Manually configure the current url as allowed license

licensee {
    allowUrl("https://raw.githubusercontent.com/auth0/jwtdecode.android/master/LICENSE") // MIT License
}

Additional context

No response

Checklist

• I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

Developers using R8 have encountered minification issues with the use of GSON in JWTDecode.Android - #49

Describe the ideal solution

JWTDecode.Android can include proguard directives in a consumer configuration file, which will advertise the issue and solve it for most consumers of the library.

In a new consumer proguard config, include the GSON proguard rules for R8 compiled projects.

https://github.com/google/gson/blob/f72824e2e4d0b719331a040a945876145b7c5acc/examples/android-proguard-example/proguard.cfg#L28

Alternatives and current workarounds

Current workaround is for the consuming project to include the proguard directives for R8 compilers themselves, but that is only likely to happen after they discover the issue, research and locate the solution.

Additional context

Users will discover the issue via a crash report in their minified release builds similar to this:

--------- beginning of crash

2023-08-07 13:47:36.054 16347-17602/? E/AndroidRuntime: FATAL EXCEPTION: OkHttp Dispatcher
Process: foo_bar, PID: 16347
java.lang.RuntimeException: Missing type parameter.
at com.google.gson.reflect.TypeToken.(SourceFile:10)
at u6.c.(Unknown Source:0)
at com.auth0.android.jwt.JWT.(SourceFile:6)
at v6.i.c(SourceFile:3)
at v6.i$b.onSuccess(SourceFile:2)
at v6.o$a.onSuccess(SourceFile:2)
at w6.g.onResponse(SourceFile:7)
at com.squareup.okhttp.Call$b.execute(SourceFile:6)
at com.squareup.okhttp.internal.NamedRunnable.run(SourceFile:3)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)

Checklist

• I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

I was using val jwt = JWT(tokenId) to retrieve claims from the tokenId, in the release build of my android studio project, along with R8 enabled. However I've received the following error: java.lang.runtimeexception: missing type parameter.

After adding those three lines of code in the proguard-rules.pro, the error disappeared:

-keep class com.google.gson.reflect.TypeToken
-keep class * extends com.google.gson.reflect.TypeToken
-keep public class * implements java.lang.reflect.Type

I also had to manually add Gson library to my project just to add those rules, since I'm using KotlinX Serialization library.
Is there a way for you to add those rules for Gson, when using R8, so that we don't have to?

Reproduction

1. Enable R8
2. Retrieve claims from a tokenId with val jwt = JWT(tokenId)

Additional context

No response

JWTDecode.Android version

2.0.2

Android version(s)

33

Hello, I ran into a problem using this library with out Auth0 implementation. I believe the work around would be pretty easy and I wouldn't mind contributing to this project with a pull request. However, I'm having trouble building the project locally as it seems to rely on a plugin that is only available in a private Bintray repo. Do you have any sort of contribution guide?

Specifically, what I'm trying to do is related to #21 . We're sending some custom JSON in our tokens and I need to get them out. none of the ClaimImpl methods work for me. I was thinking that if I could simply get out the raw value from the Claim that I could handle parsing the JSON myself.

I'm currently using the library in my android app for receiving a token with a claim called "realm_access", but i can't get the list of strings inside him.

"realm_access": {
"roles": [
"role-one",
"role-two"
]
},

Checklist

• I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

Hello all,
this library currently won't work with kotlin multiplatform module because it's using the:

• https://developer.android.com/reference/android/util/Base64
• https://developer.android.com/reference/android/os/Parcelable
  It would be nice to replace this function with ktor's utility function:
• https://api.ktor.io/ktor-utils/io.ktor.util/decode-base64-bytes.html

Example implementation in my code (splitToken is copied from this project)

val jwtBody = JWTPayload.splitToken(loginData.access_token ?: "")?.get(1)
if (jwtBody.isNullOrEmpty()) {
    throw IllegalArgumentException()
}
val jwtAccessToken = Json{ ignoreUnknownKeys = true }.decodeFromString<JWTPayload>(
    jwtBody.decodeBase64Bytes().decodeToString()
)
if (jwtAccessToken.sub.isEmpty()) {
    throw IllegalArgumentException()
}

Regards,
Luca.

Describe the ideal solution

Replace base64 and parcelable function/object.

Alternatives and current workarounds

Implement native code functions/libs.

Additional context

No response

I'm not able to extract data when I enable minifyEnabled true in release build, instead it's working perfectly in debug mode.

Hi maintainers anyone can help me. We use the next token, but when use getClaim function the value return is null. We use a debugger to explain what happens, it has a full payload, but return null after getAsString.

String token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbGxvd2VkU2VydmljZXMiOlsiYXBpLXVzdWFyaW9zLTEyM3Bvcm1pIiwiYmVuZWZpY2lvcyJdLCJwYXlsb2FkIjp7ImlkIjoyMSwibmFtZSI6IkJyZW5kYSIsImZpcnN0U3VybmFtZSI6IkRvbcOtbmd1ZXoiLCJzZWNvbmRTdXJuYW1lIjoiR8OhbWV6IiwiZW1wbG95ZWVJZCI6MzEyNX0sImlhdCI6MTU2ODg1MjIwNywiZXhwIjoxNTY4ODUyODA3fQ.VCvXEAXWUheHd4JCp-QxRr0AADn_akQGMAsok4WY19Jo74LdFYpgx7N-fBs4qGlJ3cIurUkyUOOCc8F_XXjdt5qTOx2Y2GHYgsrOD5Jwx9ZJ-F7GBmq1aY6ubRDBCTKnlJnunIsF-r4Cdp1qJy6Ygaag_G8fWGYdGNFS4De53tm8WMTi2IFeO_AitRSJbrqG8YWyFe1T4UQXTuv8NTJ9WkZFbcQwJMtYAGbltY5FxhFL3ReL7dVGb-rxMCnBEFs-IPOu4Or6K0vOaXXaxl7TRJV2OU2Xh1ulLbosG09Wce0jHn18Rw22K1wanF71H1nv8bwmJsQB5meWykevRi3T3g";

JWT jwt = new JWT(token);
String name = jwt.getClaim("name").asString();

I'm using your lib on my app and I was stuck until I found this bug because my server says that token has expired but inside the app the case of an expired token is prevented.

So here is what happens all time: when I retrieve my jwt from the server I pass inside my shared preferences'handler the token as a string with this function:

private void setNewSession(String token, boolean firstLogin) {
        editor.putBoolean(IS_LOGIN, true);
        JWT jwt = new JWT(token);
        editor.putString(KEY_USER_TOKEN, token);
        editor.putLong(KEY_DEADLINE, jwt.getExpiresAt().getTime());
        editor.putBoolean(KEY_FIRST_LOGIN, firstLogin);
        editor.apply();
        if(DEBUG) {
            Log.d(TAG_USER_CLASS,"Token: "+ jwt);
            Log.d(TAG_USER_CLASS,"Data di scadenza del token in ms : "+ jwt.getExpiresAt().getTime());
            Log.d(TAG_USER_CLASS,"Data di scadenza del token: "+ DateFormat.getDateTimeInstance().format(jwt.getExpiresAt()));
        }
    }

The problem is with the method: jwt.getExpiresAt().getTime() because instaed of returning the correct time it returns the correct time as long + 000.
Here is an example of the token passed by the server and the return of the method:

This is the result it should appear, I've calculated using the same token and the jwt debugger on site:

• token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiI1YTRmYTdlODUwNTdjNDU1NjRiZGIwNmMiLCJleHAiOjE1MTc0NDM3NDY4MzZ9.----OMITTEDKEYPART----

• "exp": 1517443746836

And as you can note that your library output (1517443746836000) is different from the site output (1517443746836).

Please let me know if you have the same issue that I have and hope you'll solve as soon as possible.

Checklist

• I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

eyJhbGciOiJSUzI1NiIsIng1YyI6WyJNSUlGYnpDQ0JGZWdBd0lCQWdJUkFLZGZxUmlyMjF1ZUNpWXloVFIxcS9Zd0RRWUpLb1pJaHZjTkFRRUxCUUF3UmpFTE1Ba0dBMVVFQmhNQ1ZWTXhJakFnQmdOVkJBb1RHVWR2YjJkc1pTQlVjblZ6ZENCVFpYSjJhV05sY3lCTVRFTXhFekFSQmdOVkJBTVRDa2RVVXlCRFFTQXhSRFF3SGhjTk1qUXdNVEk1TURrd09USTJXaGNOTWpRd05ESTRNRGt3T1RJMVdqQWRNUnN3R1FZRFZRUURFeEpoZEhSbGMzUXVZVzVrY205cFpDNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRHdraTV1ay9MUlRzbkQvMTFNNFcwUjY3VmhLOS9RY21NWTZQVFBaQ3AvRDNoS3RMSkNxb0YrNHM3VUVuTzFncSt6Wm5neEV3RUw0NU14anFRTS9JOW5adENtRFRQVDNnajg5aTFBN2M2RHo4L1U4RlE4SFlHZk1kM2d0U0N0TzM0bHVCTXZpSkhNRlgvenhpbXlwZERjR2d3VzcvTUc0aGQ4OUdzb2o1S3Npc3hZdTRwYmZPbjFJTmdXQ2t6cENrbmtpUlRONkZOSlNDcVlnT0ZuYWJiU3gvTndMRkp0UU12VDcvQmhjSXVJaXRkM1h4QmtTbThHbjZWSjhrdVA3ZVo5WWJ5akpMeEdURW5tVnlCYTl3NldCYlFLajJ0OWJYL0NwR0RlUkhpTU5pOUlPenhib3BHVEg2SC83SXZLc1FiNmV6OXZVekZkQXZsTG9DZDUwK1hCQWdNQkFBR2pnZ0ovTUlJQ2V6QU9CZ05WSFE4QkFmOEVCQU1DQmFBd0V3WURWUjBsQkF3d0NnWUlLd1lCQlFVSEF3RXdEQVlEVlIwVEFRSC9CQUl3QURBZEJnTlZIUTRFRmdRVVhDeisrOUU2Tk90eEE5a2FtSHMwZW5YaWFjb3dId1lEVlIwakJCZ3dGb0FVSmVJWURySlhrWlFxNWRSZGhwQ0QzbE96dUpJd2V3WUlLd1lCQlFVSEFRRUViekJ0TURnR0NDc0dBUVVGQnpBQmhpeG9kSFJ3T2k4dmIyTnpjQzV3YTJrdVoyOXZaeTl6TDJkMGN6RmtOR2x1ZEM4eWJFZFlNSFZUVVhKUVRUQXhCZ2dyQmdFRkJRY3dBb1lsYUhSMGNEb3ZMM0JyYVM1bmIyOW5MM0psY0c4dlkyVnlkSE12WjNSek1XUTBMbVJsY2pBZEJnTlZIUkVFRmpBVWdoSmhkSFJsYzNRdVlXNWtjbTlwWkM1amIyMHdJUVlEVlIwZ0JCb3dHREFJQmdabmdRd0JBZ0V3REFZS0t3WUJCQUhXZVFJRkF6QS9CZ05WSFI4RU9EQTJNRFNnTXFBd2hpNW9kSFJ3T2k4dlkzSnNjeTV3YTJrdVoyOXZaeTluZEhNeFpEUnBiblF2V0RKS01raHlYemRRYVUwdVkzSnNNSUlCQkFZS0t3WUJCQUhXZVFJRUFnU0I5UVNCOGdEd0FIVUFTTERqYTlxbVJ6UVA1V29DK3AwdzZ4eFNBY3RXM1N5QjJidS9xem5ZaEhNQUFBR05WTElERkFBQUJBTUFSakJFQWlCbFdxdWY2UDg3TC9zOFpvVXVoTzBzeEwvUVAxai9zNEY5SzUwd1gvNEZRd0lnWEx3U1hRQ0pZcGMxTDVJNE90dmdaVElaRDliUlRJaFE2VDd3UTV4WWFqNEFkd0R1emRCazFkc2F6c1ZjdDUyMHpST2lNb2RHZkx6czNzTlJTRmxHY1IrMW13QUFBWTFVc2dMd0FBQUVBd0JJTUVZQ0lRRGJDMHBDY1ZjVDJ2UHkzQzlKL1NJdHVsb1RDSzAxNGVmMjErVjNnWUVqVlFJaEFJdXBkaVZoeTIxY2ExdE1UaENFL2RydXhsVTgwT2RQd2xuTHV5Zm9OS09wTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCbVFDRDMreGZFSytUazRPOTBkN2Y3N2ZuQVAvaDQxSE53NkxlVzNGYVQ3UkcwQVRUNjc0M3NqdENPaFpkTU90MzFxaWZLdVFSN0craUtNcnFvZmpJVTNyTG1neGVObUhPb3hDVk9uMWNpR2J4Y25zL1lJcGtObGlCQmlwdjE0OGV2WVlQSWh0L1hqS0tPYXg3NkE0cmEyWFVIWHZXSTdZaDRtRnZJZENmWXdUUGN0R2Jnc2JtZTI2bkdKL1hoeG9uTmVNVjNtTENrbHRrL3MxZWM5YXlqNEgwZEc1QTdxUk1XeFdFb3dqQTNNbG5oSFBRM3ZZWENSZXREWTA4ZVJMNjVKZEFQN3RvZW4rR2t2N2FsWm80SlgzbWlycGROVkpzREI0b2tjMTlvMWx6ekltMWFWc0tRdEtaRi9yeCtpTysvRmpUYTRUVXducnNqME45SVdzRzYiLCJNSUlGakRDQ0EzU2dBd0lCQWdJTkFnQ09zZ0l6Tm1XTFpNM2JtekFOQmdrcWhraUc5dzBCQVFzRkFEQkhNUXN3Q1FZRFZRUUdFd0pWVXpFaU1DQUdBMVVFQ2hNWlIyOXZaMnhsSUZSeWRYTjBJRk5sY25acFkyVnpJRXhNUXpFVU1CSUdBMVVFQXhNTFIxUlRJRkp2YjNRZ1VqRXdIaGNOTWpBd09ERXpNREF3TURReVdoY05NamN3T1RNd01EQXdNRFF5V2pCR01Rc3dDUVlEVlFRR0V3SlZVekVpTUNBR0ExVUVDaE1aUjI5dloyeGxJRlJ5ZFhOMElGTmxjblpwWTJWeklFeE1RekVUTUJFR0ExVUVBeE1LUjFSVElFTkJJREZFTkRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS3ZBcXFQQ0UyN2wwdzl6QzhkVFBJRTg5YkEreFRtRGFHN3k3VmZRNGMrbU9XaGxVZWJVUXBLMHl2MnI2NzhSSkV4SzBIV0RqZXErbkxJSE4xRW01ajZyQVJaaXhteVJTamhJUjBLT1FQR0JNVWxkc2F6dElJSjdPMGcvODJxai92R0RsLy8zdDR0VHF4aVJoTFFuVExYSmRlQisyRGhrZFU2SUlneDZ3TjdFNU5jVUgzUmNzZWpjcWo4cDVTajE5dkJtNmkxRmhxTEd5bWhNRnJvV1ZVR08zeHRJSDkxZHNneTRlRktjZktWTFdLM28yMTkwUTBMbS9TaUttTGJSSjVBdTR5MWV1RkptMkpNOWVCODRGa3FhM2l2clhXVWVWdHllMENRZEt2c1kyRmthenZ4dHh2dXNMSnpMV1lIazU1emNSQWFjREEyU2VFdEJiUWZEMXFzQ0F3RUFBYU9DQVhZd2dnRnlNQTRHQTFVZER3RUIvd1FFQXdJQmhqQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3RWdZRFZSMFRBUUgvQkFnd0JnRUIvd0lCQURBZEJnTlZIUTRFRmdRVUplSVlEckpYa1pRcTVkUmRocENEM2xPenVKSXdId1lEVlIwakJCZ3dGb0FVNUs4ckpuRWFLMGduaFM5U1ppenY4SWtUY1Q0d2FBWUlLd1lCQlFVSEFRRUVYREJhTUNZR0NDc0dBUVVGQnpBQmhocG9kSFJ3T2k4dmIyTnpjQzV3YTJrdVoyOXZaeTluZEhOeU1UQXdCZ2dyQmdFRkJRY3dBb1lrYUhSMGNEb3ZMM0JyYVM1bmIyOW5MM0psY0c4dlkyVnlkSE12WjNSemNqRXVaR1Z5TURRR0ExVWRId1F0TUNzd0thQW5vQ1dHSTJoMGRIQTZMeTlqY213dWNHdHBMbWR2YjJjdlozUnpjakV2WjNSemNqRXVZM0pzTUUwR0ExVWRJQVJHTUVRd0NBWUdaNEVNQVFJQk1EZ0dDaXNHQVFRQjFua0NCUU13S2pBb0JnZ3JCZ0VGQlFjQ0FSWWNhSFIwY0hNNkx5OXdhMmt1WjI5dlp5OXlaWEJ2YzJsMGIzSjVMekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBSVZUb3kyNGp3WFVyMHJBUGM5MjR2dVNWYktRdVl3M25MZmxMZkxoNUFZV0VlVmwvRHUxOFFBV1VNZGNKNm8vcUZaYmhYa0JIMFBOY3c5N3RoYWYyQmVvRFlZOUNrL2IrVUdsdWh4MDZ6ZDRFQmY3SDlQODRubnJ3cFIrNEdCRFpLK1hoM0kwdHFKeTJyZ09xTkRmbHI1SU1ROFpUV0EzeWx0YWt6U0JLWjZYcEYwUHBxeUNSdnAvTkNHdjJLWDJUdVBDSnZzY3AxL20ycFZUdHlCallQUlErUXVDUUdBSktqdE43UjVERnJmVHFNV3ZZZ1ZscENKQmt3bHU3KzdLWTNjVElmekU3Y21BTHNrTUtOTHVEeitSekNjc1lUc1ZhVTdWcDN4TDYwT1locUZrdUFPT3hEWjZwSE9qOStPSm1ZZ1BtT1Q0WDMrN0w1MWZYSnlSSDlLZkxSUDZuVDMxRDVubXNHQU9nWjI2LzhUOWhzQlcxdW85anU1ZlpMWlhWVlM1SDBIeUlCTUVLeUdNSVBoRldybHQvaEZTMjhOMXphS0kwWkJHRDNnWWdETGJpRFQ5ZkdYc3RwaytGbWM0b2xWbFdQelhlODF2ZG9FbkZicjVNMjcySGRnSldvK1doVDlCWU0wSmkrd2RWbW5SZmZYZ2xvRW9sdVROY1d6YzQxZEZwZ0p1OGZGM0xHMGdsMmliU1lpQ2k5YTZodlUwVHBwakp5SVdYaGtKVGNNSmxQcld4MVZ5dEVVR3JYMmwwSkR3UmpXLzY1NnIwS1ZCMDJ4SFJLdm0yWktJMDNUZ2xMSXBtVkNLM2tCS2tLTnBCTmtGdDhyaGFmY0NLT2I5SngvOXRwTkZsUVRsN0IzOXJKbEpXa1IxN1FuWnFWcHRGZVBGT1JvWm1Gek09IiwiTUlJRllqQ0NCRXFnQXdJQkFnSVFkNzBOYk5zMitScnFJUS9FOEZqVERUQU5CZ2txaGtpRzl3MEJBUXNGQURCWE1Rc3dDUVlEVlFRR0V3SkNSVEVaTUJjR0ExVUVDaE1RUjJ4dlltRnNVMmxuYmlCdWRpMXpZVEVRTUE0R0ExVUVDeE1IVW05dmRDQkRRVEViTUJrR0ExVUVBeE1TUjJ4dlltRnNVMmxuYmlCU2IyOTBJRU5CTUI0WERUSXdNRFl4T1RBd01EQTBNbG9YRFRJNE1ERXlPREF3TURBME1sb3dSekVMTUFrR0ExVUVCaE1DVlZNeElqQWdCZ05WQkFvVEdVZHZiMmRzWlNCVWNuVnpkQ0JUWlhKMmFXTmxjeUJNVEVNeEZEQVNCZ05WQkFNVEMwZFVVeUJTYjI5MElGSXhNSUlDSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQXRoRUNpeDdqb1hlYk85eS9sRDYzbGFkQVBLSDlndmw5TWdhQ2NmYjJqSC83Nk51OGFpNlhsNk9NUy9rcjlySDV6b1Fkc2ZuRmw5N3Z1ZktqNmJ3U2lWNm5xbEtyK0NNbnk2U3huR1BiMTVsKzhBcGU2MmltOU1aYVJ3MU5FRFBqVHJFVG84Z1liRXZzL0FtUTM1MWtLU1VqQjZHMDBqMHVZT0RQMGdtSHU4MUk4RTNDd25xSWlydTZ6MWtaMXErUHNBZXduakh4Z3NIQTN5Nm1iV3daRHJYWWZpWWFSUU05c0hta2xDaXREMzhtNWFnSS9wYm9QR2lVVSs2RE9vZ3JGWllKc3VCNmpDNTExcHpycDFaa2o1WlBhSzQ5bDhLRWo4QzhRTUFMWEwzMmg3TTFiS3dZVUgrRTRFek5rdE1nNlRPOFVwbXZNclVwc3lVcXRFajVjdUhLWlBmbWdoQ042SjNDaW9qNk9HYUsvR1A1QWZsNC9YdGNkL3AyaC9yczM3RU9lWlZYdEwwbTc5WUIwZXNXQ3J1T0M3WEZ4WXBWcTlPczZwRkxLY3dacERJbFRpcnhaVVRRQXM2cXprbTA2cDk4ZzdCQWUrZERxNmRzbzQ5OWlZSDZUS1gvMVk3RHprdmd0ZGl6amtYUGRzRHRRQ3Y5VXcrd3A5VTdEYkdLb2dQZU1hM01kK3B2ZXo3VzM1RWlFdWErK3RneS9CQmpGRkZ5M2wzV0ZwTzlLV2d6N3pwbTdBZUtKdDhUMTFkbGVDZmVYa2tVQUtJQWY1cW9JYmFwc1pXd3Bia05GaEhheDJ4SVBFRGdmZzFhelZZODBaY0Z1Y3RMN1RsTG5NUS8wbFVUYmlTdzFuSDY5TUc2ek8wYjlmNkJRZGdBbUQwNnlLNTZtRGNZQlpVQ0F3RUFBYU9DQVRnd2dnRTBNQTRHQTFVZER3RUIvd1FFQXdJQmhqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCVGtyeXNtY1JvclNDZUZMMUptTE8vd2lSTnhQakFmQmdOVkhTTUVHREFXZ0JSZ2UyWWFSUTJYeW9sUUwzMEV6VFNvLy96OVN6QmdCZ2dyQmdFRkJRY0JBUVJVTUZJd0pRWUlLd1lCQlFVSE1BR0dHV2gwZEhBNkx5OXZZM053TG5CcmFTNW5iMjluTDJkemNqRXdLUVlJS3dZQkJRVUhNQUtHSFdoMGRIQTZMeTl3YTJrdVoyOXZaeTluYzNJeEwyZHpjakV1WTNKME1ESUdBMVVkSHdRck1Da3dKNkFsb0NPR0lXaDBkSEE2THk5amNtd3VjR3RwTG1kdmIyY3ZaM055TVM5bmMzSXhMbU55YkRBN0JnTlZIU0FFTkRBeU1BZ0dCbWVCREFFQ0FUQUlCZ1puZ1F3QkFnSXdEUVlMS3dZQkJBSFdlUUlGQXdJd0RRWUxLd1lCQkFIV2VRSUZBd013RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQURTa0hyRW9vOUMwZGhlbU1Yb2g2ZEZTUHNqYmRCWkJpTGc5TlIzdDVQK1Q0VnhmcTd2cWZNL2I1QTNSaTFmeUptOWJ2aGRHYUpRM2IydDZ5TUFZTi9vbFVhenNhTCt5eUVuOVdwcktBU09zaElBckFveVpsK3RKYW94MTE4ZmVzc21YbjFoSVZ3NDFvZVFhMXYxdmc0RnY3NHpQbDYvQWhTcnc5VTVwQ1pFdDRXaTR3U3R6NmRUWi9DTEFOeDhMWmgxSjdRSlZqMmZoTXRmVEpyOXc0ejMwWjIwOWZPVTBpT015K3FkdUJtcHZ2WXVSN2haTDZEdXBzemZudzBTa2Z0aHMxOGRHOVpLYjU5VWh2bWFTR1pSVmJOUXBzZzNCWmx2aWQwbElLTzJkMXhvemNsT3pnalhQWW92SkpJdWx0emtNdTM0cVFiOVN6L3lpbHJiQ2dqOD0iXX0.eyJub25jZSI6ImN0dnpHQnFHQkorWThUNklWVTM2aXUyOEtzemVaTE5TVTJGbVpYUjVJRTVsZENCVFlXMXdiR1U2SURFM01USTJOVEkzTmpReE1EVT0iLCJ0aW1lc3RhbXBNcyI6MTcxMjY1Mjc3MDUxNiwiYXBrUGFja2FnZU5hbWUiOiJjb20uZmxpbmthcHBzLnNhZnRleW5ldCIsImFwa0RpZ2VzdFNoYTI1NiI6IkpKdHlkZjVyblJ4YytTK1ZrSENBUVdKWVFxcDliL0FkYklhVjlZckRDcnM9IiwiY3RzUHJvZmlsZU1hdGNoIjpmYWxzZSwiYXBrQ2VydGlmaWNhdGVEaWdlc3RTaGEyNTYiOlsiRDN6MjZ3S1doL2RTTkdsczJqQU14MTFNa2YwOWVVcUFPWmFhM2xXKzVBMD0iXSwiYmFzaWNJbnRlZ3JpdHkiOnRydWUsImV2YWx1YXRpb25UeXBlIjoiQkFTSUMiLCJkZXByZWNhdGlvbkluZm9ybWF0aW9uIjoiVGhlIGFwcCBpcyBhbGxvd2xpc3RlZCB0byB1c2UgdGhlIFNhZmV0eU5ldCBBdHRlc3RhdGlvbiBBUEkgdW50aWwgdGhlIGZ1bGwgdHVybmRvd246IGh0dHBzOi8vZy5jby9wbGF5L3NhZmV0eW5ldC10aW1lbGluZS4ifQ.c7TsHcXTfFO57j9eQOPRNEMqab-YG-FLEZOQyPNZEg2rYHbjyqK46uU5x5ePbzXgYR0gh_gifoaySizVjzL-pl8CVz4FSdJ7aeSkQ4BYtV3kFprPiGormMU5Ze7tF39PwLvUDZoEzB7mev_LI73rZEcsF-_qdPeeOYWbozXRc_KF8knw5uLWaQfmFE_sHxa_7hIlmnLb-PGrWM_7X1tn9JfVrAToiRcKyyuXlo5OsfRVlodgmBupxgV5EDpxZ1PzgISph1HJE237-LTSmsDz0Yq94zekucfUbRwgOPR6XrPEDBWllKWTUQu7ffizgRHDtqwusgT3vWAIfpgpA__Gvg

this jwt token cuz it！

Reproduction

JWT jwt = new JWT(jwsResult);            

Caused by: com.auth0.android.jwt.DecodeException: The token's payload had an invalid JSON format.
at com.auth0.android.jwt.JWT.parseJson(JWT.java:247)
at com.auth0.android.jwt.JWT.decode(JWT.java:213)
at com.auth0.android.jwt.JWT.(JWT.java:40)

Additional context

No response

JWTDecode.Android version

2.0.2

Android version(s)

13

Checklist

• I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

Hi, can anyone help me with this? I'm trying to extract the data from the JWT token using JWTDecode. When I debug, I get the values but when I use them I get null.

Reproduction

String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InZhaWJoYXYubWFuZGxpazFAZ21haWwuY29tIiwiaWQiOjEsImNhdGVnb3J5IjoiMSIsImVtYWlsIjoidmFpYmhhdi5tYW5kbGlrMkBnbWFpbC5jb20iLCJyZWZlckNvZGUiOiJWVFlKSCIsImlhdCI6MTY4NTg3MTkxNSwiZXhwIjoxNjg1ODc1NTE1fQ.XPKYs9mhS3pgF13a5PDek0EhM_izfg1gP0aCxyxdWAI";

JSONObject jsonObject = new JSONObject(userData); JWT jwt = new JWT(jsonObject.getString("token")); if (jwt.getClaims().containsKey("referCode")) { TextView referCode = dialog.findViewById(R.id.refer_code); referCode.setText(jwt.getClaims().get("referCode").asString()); }

Additional context

No response

JWTDecode.Android version

2.0.2

Android version(s)

13

As per the jwt spec, the recommended claims such as "sub" are not mandatory.
Due to certain business requirements, I have to construct a "temporary" JWT which has "sub" as null.

The library throws an exception on android.

The Maven Repository page for this repo doesn't express version 2.0.0 is out

Hi, I’m currently using the library in my android app for receiving a token with a claim called “user_claim” that contains a list of parameters, the decode works fine because I can see the values while debugging but when I use one of the methods asList, asArray, asString to get values of the claim, returns null or an empty list or array, I’m using Java 8 in Android Studio 3.0.1 and jwtdecode:1.1.1, I’m not sure if something is missing, also here is a fragment of my code in case something is missing in my implementation you can tell me:

JWT jwtToken = new JWT(token);
Claim userClaim = jwtToken.getClaim("user_claims");
ArrayList<String> list = new ArrayList<>(userClaim.asList(String.class));

Best
Luis

I have an example JWT in this format:

eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiZmIxNTQ5YmYtMWNmYi00ZjhiLTkxODgtZjZiMTgzYmVmOGFiIiwiZXhwIjoxNTIwNTUzMDQ5LCJpYXQiOiIyMDE4LTAyLTA4IDIzOjUwOjQ5IFVUQyJ9.EfkRQhLKelDXX6XPbA7wVug9k90wioHBhEc1vA07OAA

When I run this through new JWT();, I get an exception claiming some sort of invalid JSON formatting. I've looked at the Base64 decode of this string, and it looks valid too me, but the payload section is triggering an exception. What is wrong with this token? Is the lack of signature causing this issue?

Description

I m decoding token to json but i m not getting it.

Environment

Please provide the following:

• Version of JWTDecode.Android used: latest
• Version of Android used:8.0
• Additional libraries that might be affecting your instance:

Reproduction

Detail the steps taken to reproduce this error and note if this issue can be reproduced consistently or if it is intermittent.

Please include:

Token :: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlFqZEdORGcyUlRVM01EYzNPVFpGTVVJNU5EZzRPVFEwUXpoRk5VSXdRek14TURBM1JqQTJNZyJ9.eyJodHRwczovL2NvaGVzaW9uaWIuY29tL2licF9idWlsZGluZ0NvZGUiOiJKSVJBMDAxIiwiaHR0cHM6Ly9jb2hlc2lvbmliLmNvbS9pYnBfY29tcGFueUNvZGUiOiJBMTA1IiwiaHR0cHM6Ly9jb2hlc2lvbmliLmNvbS9pYnBfdXNlcklkIjoiYjMwMjM2MjMtZWFjNi00ZDE5LTgyZWUtMDhkNjhiMzk4OWJhIiwiaHR0cHM6Ly9jb2hlc2lvbmliLmNvbS9pYnBfcm9sZXMiOlt7Im1JZCI6MSwidmFsIjowLCJmTGlzdCI6W3siZklkIjoxMDUsInZhbCI6MH0seyJmSWQiOjEwNCwidmFsIjowfV19LHsibUlkIjoyLCJ2YWwiOjAsImZMaXN0IjpbeyJmSWQiOjIwMiwidmFsIjowfSx7ImZJZCI6MjAzLCJ2YWwiOjB9LHsiZklkIjoyMDEsInZhbCI6MH0seyJmSWQiOjIwNCwidmFsIjowfV19LHsibUlkIjozLCJ2YWwiOjAsImZMaXN0IjpbeyJmSWQiOjMwMSwidmFsIjowfSx7ImZJZCI6MzA0LCJ2YWwiOjB9LHsiZklkIjozMDIsInZhbCI6MH0seyJmSWQiOjMwMywidmFsIjowfSx7ImZJZCI6MzA1LCJ2YWwiOjB9XX0seyJtSWQiOjQsInZhbCI6MCwiZkxpc3QiOlt7ImZJZCI6NDAzLCJ2YWwiOjB9LHsiZklkIjo0MDIsInZhbCI6MH0seyJmSWQiOjQwMSwidmFsIjowfV19LHsibUlkIjo1LCJ2YWwiOjAsImZMaXN0IjpbeyJmSWQiOjUwMiwidmFsIjowfSx7ImZJZCI6NTA0LCJ2YWwiOjB9LHsiZklkIjo1MDEsInZhbCI6MH0seyJmSWQiOjUwNSwidmFsIjowfSx7ImZJZCI6NTAzLCJ2YWwiOjB9XX0seyJtSWQiOjYsInZhbCI6MCwiZkxpc3QiOlt7ImZJZCI6NjAxLCJ2YWwiOjB9LHsiZklkIjo2MDMsInZhbCI6MH0seyJmSWQiOjYwMiwidmFsIjowfV19LHsibUlkIjo3LCJ2YWwiOjAsImZMaXN0IjpbeyJmSWQiOjcwMSwidmFsIjowfSx7ImZJZCI6NzAzLCJ2YWwiOjB9LHsiZklkIjo3MDIsInZhbCI6MH1dfSx7Im1JZCI6OCwidmFsIjowLCJmTGlzdCI6W3siZklkIjo4MDEsInZhbCI6MH0seyJmSWQiOjgwMiwidmFsIjowfV19LHsibUlkIjo5LCJ2YWwiOjAsImZMaXN0IjpbeyJmSWQiOjkwMywidmFsIjowfSx7ImZJZCI6OTAxLCJ2YWwiOjB9LHsiZklkIjo5MDIsInZhbCI6MH0seyJmSWQiOjkwNCwidmFsIjowfV19XSwiaXNzIjoiaHR0cHM6Ly9jb2hlc2lvbmliLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1YzU5MzdjN2ZlMjkxMzA3ZjU1MjEzZDAiLCJhdWQiOlsiaHR0cDovLzEwNC4yMTEuMTY3LjY0OjgyLyIsImh0dHBzOi8vY29oZXNpb25pYi5hdXRoMC5jb20vdXNlcmluZm8iXSwiaWF0IjoxNTQ5MzU2NDUxLCJleHAiOjE1NDk0NDI4NTEsImF6cCI6IjRXRTB0OUhsUEpKeTUzN3F1bXEzaU9oRWNuTkJ5MHR0Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCBvZmZsaW5lX2FjY2VzcyJ9.dAtyCS2C_OdvvUHRwMEISOC_jUS4xtfX69wR_o8_yvBa5iCoitayb9LMcmAtYc6O62dd97lPQhRVbvD0fljpxqjQ3F8Bqk28wrMlJOB7aqSJuugQWE7t-jAKU5yrgOxrPw9HRQ6kiLQpzqAsd9fsoR_bsESb4e8tG1qhvnI6Ign0a3xOMsAmyYr7Pf2wJWbh_H10ibwUD50q-75npC9P88mOv1vZnga0vpW0OqXy3ZaKUGry4dKwhbsHSfm4JsctneewvdVGT2Ky1Hddlvol6t7pENGY1toaAJN_OY57uo-8J4cb7p0WFH84bAN_A0xAQcYmFI1Nc5Aw_115PEq1KA

try {
JWT jwt = new JWT(payload.getAccessToken());

                   Map<String, Claim> allClaims = jwt.getClaims();

                   Claim subscriptionMetaData =  jwt.getClaim("https: //cohesionib.com/ibp_companyCode");
                   String parsedValue = subscriptionMetaData.asString();

                   Log.e("decoded" ,"" +  parsedValue);
                   Log.e("decoded 1 " ,"" +  allClaims);

               } catch (DecodeException exception){
                   //Invalid token
                   Log.e("decoded" ,"" +  exception.getMessage());
               }

All Claim :: {https://cohesionib.com/ibp_companyCode=com.auth0.android.jwt.ClaimImpl@7435f82, sub=com.auth0.android.jwt.ClaimImpl@f557693, aud=com.auth0.android.jwt.ClaimImpl@a3676d0, https://cohesionib.com/ibp_roles=com.auth0.android.jwt.ClaimImpl@64426c9, azp=com.auth0.android.jwt.ClaimImpl@74bf1ce, scope=com.auth0.android.jwt.ClaimImpl@256e8ef, https://cohesionib.com/ibp_buildingCode=com.auth0.android.jwt.ClaimImpl@1d42ffc, iss=com.auth0.android.jwt.ClaimImpl@6df6685, https://cohesionib.com/ibp_userId=com.auth0.android.jwt.ClaimImpl@e395cda, exp=com.auth0.android.jwt.ClaimImpl@353250b, iat=com.auth0.android.jwt.ClaimImpl@1324fe8}

PArticular Claim :: null

Please Help as soon as possible.

Hello,

When I try

gson.fromJson(jsJWT, JWT.class)

I get an exception:

java.lang.RuntimeException: Unable to invoke no-args constructor for interface com.auth0.android.jwt.Claim. Register an InstanceCreator with Gson for this type may fix this problem.

I use 'com.auth0.android:jwtdecode:1.1.1'

I hope you can help...
Thanks

I am trying to add in dependencies in my project but it is causing error. I know it's not a problem to be questioned here, but someone can help me. What happens is if I add:
All com.android.support libraries must use the exact same version specification (mixing versions can lead to runtime crashes).
My gradle file:

apply plugin: 'com.android.application'

android {
    compileSdkVersion 23
    buildToolsVersion "25.0.1"
    defaultConfig {
        applicationId "mobitrak.zenitetecnologia.com.br.mobitrak"
        minSdkVersion 19
        targetSdkVersion 23
        versionCode 1
        versionName "1.0"
        testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
        multiDexEnabled true
    }
    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
}

dependencies {
    compile fileTree(dir: 'libs', include: ['*.jar'])
    androidTestCompile('com.android.support.test.espresso:espresso-core:2.2.2', {
        exclude group: 'com.android.support', module: 'support-annotations'
    })
    compile 'com.auth0.android:jwtdecode:1.1.1'
    compile 'com.android.support:appcompat-v7:23.2.1'
    compile 'com.android.support.constraint:constraint-layout:1.0.0-alpha4'
    compile 'com.android.support:design:23.0.1'
    compile 'com.squareup.retrofit2:retrofit:2.1.0'
    compile 'com.squareup.retrofit2:converter-gson:2.1.0'
    compile 'com.google.android.gms:play-services:10.0.1'
    compile 'com.google.firebase:firebase-messaging:9.6.1'
    compile 'com.android.support:multidex:1.0.1'

    testCompile 'junit:junit:4.12'
}

apply plugin: 'com.google.gms.google-services'

It would be convenient to be able get all claims from JWT's payload. JWTPayload class has a private tree object. Could it be returned, when we'd call getAllClaims() on our token instance?

Describe the problem

JWT(accessToken) fails with DecodeException, "The token's payload had an invalid JSON format." when the token header contains anything other than String key/value pairs. Arrays and JSON objects are not supported.

FusionAuth started sending an array as the value in new responses, causing this library to fail. Below is an example token response header which fails:

{
  "alg": "RS512",
  "typ": "JWT",
  "gty": [
    "authorization_code"
  ]
}

The "gty" field can't be parsed because it contains an array.

What was the expected behavior?

This is valid JSON, so this should not fail. I don't believe JWT disallows additional fields.

Reproduction

The problem is JWT only decodes for String values in the header. Something that is seemingly fixed in the Auth0/Android library.

Environment

• Version of this library used: 2.0.1

isExpired(leeway) always returns me false
shouldn't it be

        boolean expValid = payload.exp == null || !futureToday.after(payload.exp);
        boolean iatValid = payload.iat == null || !pastToday.before(payload.iat);

instead of

        boolean expValid = payload.exp == null || !pastToday.after(payload.exp);
        boolean iatValid = payload.iat == null || !futureToday.before(payload.iat);

?

Hi,

In https://github.com/auth0/java-jwt there is a specific section on how to verify a token.

I was wondering if that is possible on the Android side, i.e. if I have the public key and the algorithm, how could we verify that the received token was issued by a valid issuer?

In short, is there any way to verify the issuer of a signed token?

Many thanks in advance,

Manos

Describe the problem

An exception is thrown when parsing a JWT with explicit nulls instead of absent fields.

What was the expected behavior?

The JWT token is parsed with null fields

Reproduction

Try parsing

eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOm51bGx9.2zjeZFRPs4sTM9Lmb10uzLOJdWAtlmGUQJByV8o8jZY

this corresponds to:

{
  "iss": null
}

an exception will be thrown, whereas one would not be thrown with:

{}

This exception comes from calling .getAsString() on JsonNull in this method https://github.com/auth0/JWTDecode.Android/blob/master/lib/src/main/java/com/auth0/android/jwt/JWTDeserializer.java#L71.

Perhaps you could change your check to:

if (!obj.has(claimName) || obj.get(claimName).isJsonNull()) {
    return null;
}

When minifyEnabled is set to true, android app crashes moment user logs in and receives JWT token.
Do we need to add any proguard rules while using this library? Nothing is mentioned in steps so i was wondering.

What was the expected behavior?

User should be able to login with valid token received from server. If i remove minifyEnabled flag it works.

• Version of the library used : 2.0.0
• Crash log:
  g.b.a.a.d: The token was expected to have 3 parts, but got 1.
  at g.b.a.a.e.(:6)
  at g.c.a.a.k.b.a(Unknown Source:7)
  at g.c.a.a.i.j.a(:11)
  at g.c.a.a.j.a$b.a(Unknown Source:12)
  at j.l0.g.e$a.run(:6)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
  at java.lang.Thread.run(Thread.java:919)

Hi maintainers,

would it be possible to get a version of this library without gson? My current application has no reference to this and I don't want to bloat it. Why not just using pure json.org.
If you would be fine with this, I also could create a PR with these changes.

Best
Hasan

Description

Getting Nullpointer Exception after calling:

val token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"

val jwt = JWT(token)

This line returns null for string: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
byte[] bytes = Base64.decode(string, Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);

In Gradle:
implementation 'com.auth0.android:jwtdecode:2.0.0'

Stacktrace:

java.lang.NullPointerException
at java.lang.String.(String.java:515)
at com.auth0.android.jwt.JWT.base64Decode(JWT.java:235)
at com.auth0.android.jwt.JWT.decode(JWT.java:213)
at com.auth0.android.jwt.JWT.(JWT.java:40)
at *.utils.TokenValidator.isTokenValid(TokenValidator.kt:9)
at *.pwa.webview.PWAWebViewModelImpl$onTokenInvalid$1.invoke(PWAWebViewModel.kt:273)
at *.pwa.webview.PWAWebViewModelImpl$onTokenInvalid$1.invoke(PWAWebViewModel.kt:48)
at *.utils.TestPWAModel.onTokenInvalid(MockFactory.kt:218)
at *.webview.PWAWebViewModelImpl.onTokenInvalid(PWAWebViewModel.kt:272)
at *.PWAWebViewModelTest.new token is passed in token invalid callback(PWAWebViewModelTest.kt:426)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.mockito.internal.runners.DefaultInternalRunner$1$1.evaluate(DefaultInternalRunner.java:44)
at org.junit.rules.TestWatcher$1.evaluate(TestWatcher.java:55)
at org.junit.rules.RunRules.evaluate(RunRules.java:20)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.mockito.internal.runners.DefaultInternalRunner$1.run(DefaultInternalRunner.java:74)
at org.mockito.internal.runners.DefaultInternalRunner.run(DefaultInternalRunner.java:80)
at org.mockito.internal.runners.StrictRunner.run(StrictRunner.java:39)
at org.mockito.junit.MockitoJUnitRunner.run(MockitoJUnitRunner.java:163)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:33)
at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:230)
at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:58)

Someone mentioned that JWT signing on clients does not make much sense because you can't keep the shared secret secret.

I still don't get the complete picture why.
Supposed I have a login screen for my user on a mobile app, and I negotiate the shared secret between clients and servers on each login. I can keep the shared secret in, says, secured storage of the device, can't I?

I don't see which part of it is not feasible.
Can someone explain the lack of an encoding library for mobile devices?
May I add it as a feature request?

Checklist

• I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

Hello,

Recently I found this issue. Sometimes it shows this error but If i decode error token in jwt website it is ok. can you please look into it

com.auth0.android.jwt.DecodeException: The token was expected to have 3 parts, but got 1.

Reproduction

1. use token to decode.

Additional context

No response

JWTDecode.Android version

2.0.2

Android version(s)

12

Describe the problem

After insetting

implementation 'com.auth0.android:jwtdecode:2.0.0'

in my app built.gradle I loose all refference to Gson in the rest of my project.

What was the expected behavior?

to keep Gson

Reproduction

    implementation 'com.squareup.retrofit2:retrofit:2.9.0'
    implementation 'com.squareup.retrofit2:converter-gson:2.9.0'
    implementation 'com.auth0.android:jwtdecode:2.0.0'

Environment

Android
Groovey
Kotlin

Checklist

• I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

Hello,

I am using this library in my android application to decode jwt token but sometimes i am getting this eror (java.lang.ArrayIndexOutOfBoundsException - length=1; index=1) error but token is valid.
How I can solve this issues can you please suggest me.

Reproduction

I can't produce it since my application in play store.

Additional context

No response

JWTDecode.Android version

2.0.2

Android version(s)

13

Current api allows only to get primitives from claim. In case claim contains objects they can't be parsed.

Since the library already uses GSON it would be very useful to parse the payload using it, instead of parsing it manually using getBoolean, getInt and so on methods.