JWTDecode.Android
DecodeException when header contains array
Describe the problem
JWT(accessToken) fails with DecodeException, "The token's payload had an invalid JSON format." when the token header contains anything other than String key/value pairs. Arrays and JSON objects are not supported.
FusionAuth started sending an array as the value in new responses, causing this library to fail. Below is an example token response header which fails:
{
  "alg": "RS512",
  "typ": "JWT",
  "gty": [
    "authorization_code"
  ]
}
The "gty" field can't be parsed because it contains an array.
What was the expected behavior?
This is valid JSON, so this should not fail. I don't believe JWT disallows additional fields.
Reproduction
The problem is JWT only decodes for String values in the header. Something that is seemingly fixed in the Auth0/Android library.
Environment
- Version of this library used: 2.0.1
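An added example, not the library's code and not part of the report: it reproduces this class of failure on a plain JVM, assuming the header is mapped with Gson to `Map<String, String>` (an assumption; the page does not show the library's internals), and contrasts it with a tolerant parse that still type-checks `alg`. The class and method names are hypothetical, and the payload and signature segments are constructed.

```java
import com.google.gson.*;
import com.google.gson.reflect.TypeToken;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;

// Added example; needs Gson 2.8.6+ on the classpath. All names are hypothetical.
public class HeaderDecodeDemo {
    // Header JSON from the report; payload and signature below are constructed placeholders.
    static final String HEADER = "{\"alg\":\"RS512\",\"typ\":\"JWT\",\"gty\":[\"authorization_code\"]}";

    static String b64url(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    static String headerJson(String token) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) throw new IllegalArgumentException("expected 3 segments");
        return new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
    }

    // Assumed string-only mapping: an array or object value makes Gson throw.
    static Map<String, String> strictHeader(String token) {
        return new Gson().fromJson(headerJson(token), new TypeToken<Map<String, String>>() {}.getType());
    }

    // Tolerant parse: unknown parameters stay as JSON elements, but "alg" must be a
    // string, because code that later verifies the signature reads it.
    static JsonObject tolerantHeader(String token) {
        JsonObject h = JsonParser.parseString(headerJson(token)).getAsJsonObject();
        JsonElement alg = h.get("alg");
        if (alg == null || !alg.isJsonPrimitive() || !alg.getAsJsonPrimitive().isString())
            throw new IllegalArgumentException("alg must be a JSON string");
        return h;
    }

    public static void main(String[] args) {
        String token = b64url(HEADER) + "." + b64url("{\"sub\":\"example\"}") + ".c2ln";
        try {
            strictHeader(token);
            System.out.println("strict: parsed");
        } catch (JsonSyntaxException e) {
            System.out.println("strict: rejected (" + e.getMessage() + ")");
        }
        JsonObject h = tolerantHeader(token);
        System.out.println("tolerant: alg=" + h.get("alg").getAsString() + " gty=" + h.get("gty"));
    }
}
```

Decoding a header this way only reads it; nothing here verifies the signature, so values such as `gty` remain untrusted input until the token has been validated.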
Hi @Whathecode, can you provide us a sample JWT (without sensitive information/access) to understand the issue.
@poovamraj I updated the already given example to be clearer. This is a token response header which fails with the current library.
It's not a feature request; as far as I can tell the spec allows this information to be present. Unless this library is only supposed to be consumed for 0auth 🤷‍♂️. Otherwise I'll have to file a bug report to FusionAuth.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response from our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️