jsonwebtoken icon indicating copy to clipboard operation
jsonwebtoken copied to clipboard
verified publisher icon Keats

can't handle null values if they are present

Open spencerbart opened this issue 2 years ago • 2 comments

Screenshot 2023-02-18 at 22 02 06

Json deserializing breaks when "aud" is null like in this case.

Here's the error message

Error(Json(Error("duplicate field `aud`", line: 1, column: 257)))

There is no other aud field.

spencerbart avatar Feb 19 '23 05:02 spencerbart

I'm not sure why this error happens but that would be an invalid JWT either way. We should have a better error though but it looks like it comes from serde somehow

Keats avatar Feb 19 '23 13:02 Keats

https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3

@Keats you are correct. It would be an invalid JWT. I didn’t realize that at first.

Our Ruby On Rails monolith issues these JWTs with a Devise plugin. We’re building a Rust microservice and I couldn’t get authentication to work. I realize now that it’s an issue with our Rails service. I just couldn’t figure out the issue because Rails and jwt.io would be able to validate it and Rust couldn’t.

spencerbart avatar Feb 19 '23 20:02 spencerbart