Spring security does not accept "at+jwt"

skyep29 · November 10, 2020, 6:45am

Good day, I’m using spring-security-jwt release 1.1.1. When I try to decode an access token, it fails in the class below, as it expects “JWT”, but gets “at+jwt”. Does anyone know how I can get it to accept the “at+jwt” typ?

HeaderParameters(Map<String, String> map) {
        this.typ = "JWT";
        String alg = (String)map.get("alg");
        String typ = (String)map.get("typ");  //here my typ is "at+jwt"
        if (typ != null && !"JWT".equalsIgnoreCase(typ)) {
            throw new IllegalArgumentException("typ is not \"JWT\"");
        } else {
            map.remove("alg");
            map.remove("typ");
            this.map = map;
            if (alg == null) {
                throw new IllegalArgumentException("alg is required");
            } else {
                this.alg = alg;
            }
        }
    }

Topic		Replies	Views
Java Security Bug Help	2	2075	July 1, 2021
Is java-jwt compatible with Java21? JWT.io jwt , auth0 , java	4	242	September 5, 2024
Non-spring java sdk and example to put in filters for authentication validation? Help	0	1657	March 6, 2022
JWT Authentication example not working? JWT.io spring , java	2	4292	August 29, 2023
Protected API allows GET requests through Help auth0 , api , spring-security	2	2435	April 8, 2022

Spring security does not accept "at+jwt"

Related Topics