ruby-jwt icon indicating copy to clipboard operation
ruby-jwt copied to clipboard

Published 20 hours ago verified publisher icon jwt

JWT.encode method breaking changes

Open msxavi opened this issue 7 years ago • 6 comments

Hi guys,

I think you have introduced breaking changes somewhere along the path within a patch upgrade instead of a major version because I've got version 1.5.1, where JWT.encode method works with string:

JWT.encode("host", ENV['SECRET'])

And after updating to 1.5.6 the same method with string "host" raises:

JSON::GeneratorError: only generation of JSON objects or arrays allowed
from /Users/me/.rvm/gems/ruby-2.3.5/gems/json-1.8.6/lib/json/common.rb:223:in `generate'

I'd rather have all bugfixes done until version 1.5.6, but with no breaking changes such the aforementioned. Is there anything you can do?

msxavi avatar Dec 01 '17 04:12 msxavi

@msxavi I am aware of that problem. IMHO: Rewinding it would cause more trouble.

Is it possible to test your code against the latest 2.1.0 release of ruby-jwt?

This string payload issue was tackeled in #236.

Release notes: https://github.com/jwt/ruby-jwt/releases/tag/v2.1.0

excpt avatar Dec 01 '17 14:12 excpt

@msxavi Any updates on this issue?

excpt avatar Jan 09 '18 23:01 excpt

@excpt updating ruby-jwt will consequently update json as well and this is leading us to greater updates as the dependencies are many. Still thinking over.

msxavi avatar Jan 10 '18 00:01 msxavi

@msxavi Is this still an issue? Did an update of json work for your use-case?

excpt avatar Mar 22 '18 22:03 excpt

@excpt hopefully this confirms a fix and sheds more light for anyone else who stumbles upon this.

I had the same issue where JWT.encode would fail on encode for String. I was able to upgrade JWT to 2.1.0 but I was still receiving JSON::GeneratorError: only generation of JSON objects or arrays allowed.

After investigating further I notice the version of the json gem I was using was 1.8.6. I was able to upgrade the json gem to the latest version (2.1.0) and the problem is now resolved.

In rails/ruby console:

# latest version of json gem (2.1.0)
JSON.generate("test")
#  => "\"test\""

# json gem version  1.8.6
JSON.generate("test")
# =>JSON::GeneratorError: only generation of JSON objects or arrays allowed

NCCastillo avatar Mar 28 '18 23:03 NCCastillo

Hi there! Another potential solution is to modify lib/jwt/json.rb and replace

        ::JSON.generate(data)

with

        ::JSON.generate(data, { quirks_mode: true })

If the maintainers are happy with this approach, I'd be happy to submit a pull request!

d3v-null avatar Dec 23 '19 10:12 d3v-null

Closing as a stale issue. I think we do not want to introduce any quirks on the JSON parsing. The JWT RFC is pretty clear on that the payload needs to be a valid JSON object.

anakinj avatar Oct 06 '22 06:10 anakinj