
JWT.decode(id_token) Fails Silently

jwt
azure-ad
microsoft

I have a web client and REST API that I’m trying to secure with JWT. I have the client-side Azure AD interaction working and I am successfully obtaining an id_token and an access_token.

For reasons I don’t yet understand, Azure AD puts the “roles” claim in the id_token and not in the access_token so I am passing both tokens to the server in the header of my https request to my REST services.

I am running a Grizzly + JAX-RS web server application and am trying to implement a ContainerRequestFilter that will validate the user’s role against the REST service they are requesting.

My problem is that in my ContainerRequestFilter I call:

     DecodedJWT jwtIdent = JWT.decode(identificationHeader);

and it never returns, or the Grizzly thread dies, or some other catastrophe occurs, but it never gets past this point and there are no discernible exceptions.

Curiously, I have a standalone application that makes exactly the same call and it works perfectly.

Does anyone have any idea what might be going on?

The client-side request object is set up as such:

     var request = {
         method: 'POST',
         url: url,
         headers: {
             'Content-Type': 'application/json;charset=utf-8',
             'Authorization': "Bearer " + $scope.tokens.accessToken,
             'Identification': $scope.tokens.idToken
         }
     };

I am concerned that the “charset=utf8” may be interacting poorly with the decode call.

Thanks in advance.
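
A filter of the kind described above, written so that a failure in the decode step is logged instead of disappearing (an added example, not code from the original post). The class name `RoleFilter`, the role name `Reader`, and the `javax.ws.rs` namespace are assumptions; it catches `Throwable` on the assumption that the failure may be an `Error` that a `catch (Exception e)` would miss.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

@Provider
public class RoleFilter implements ContainerRequestFilter {   // hypothetical class name
    private static final Logger LOG = Logger.getLogger(RoleFilter.class.getName());
    private static final String REQUIRED_ROLE = "Reader";     // hypothetical role name

    @Override
    public void filter(ContainerRequestContext ctx) {
        // "Identification" is the custom header the client in the post sends.
        String idToken = ctx.getHeaderString("Identification");
        if (idToken == null || idToken.trim().isEmpty()) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        try {
            // JWT.decode() only parses the token; it does not check the signature.
            DecodedJWT jwt = JWT.decode(idToken.trim());
            // asList() returns null when the claim is absent or not an array.
            List<String> roles = jwt.getClaim("roles").asList(String.class);
            if (roles == null || !roles.contains(REQUIRED_ROLE)) {
                ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
            }
        } catch (Throwable t) {
            // Throwable, not Exception: an Error raised inside decode() would
            // bypass catch (Exception e) and leave no trace in the filter.
            // Log the failure with its stack trace, but never the token itself.
            LOG.log(Level.SEVERE, "id_token decode failed", t);
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }
}
```

Because `JWT.decode()` does not verify the signature, the `roles` value read this way is attacker-controllable; an authorization decision should use a token checked with `JWT.require(...).build().verify(...)` against the issuer's signing key.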