Auth0 Home Blog Docs

Auth0 Android JWT library — private claim spec

I’m being sent a JWT with a private claim whose value is in the form of a JSON object. jwtdecode’s Claim class has methods to pull the value as one of several primitives, or as an array of objects, but no method to pull it as a single object.

I’m unable to find any documentation which specifies valid formats for private claim values, and I’m wondering why the developers didn’t include such a method. Was it an oversight, or is there some spec I can point to that will allow me to tell the sender they’re doing it wrong?

I see this issue on github, and its associated pull request. Hopefully the authors decide to merge it.

Hey there @chrisbtoo!

I’ll reach out to repo maintainers to relay that info and let them know about issues and related PR!

Seems they’ve been stubbornly refusing to merge it for over a year, even though the JWT spec clearly says it’s a valid Claim format. I hereby criticize that idea.