-
-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG]Error parsing body of Firebase JWT token #4
Comments
Thanks for submitting the issue. I replied to your PM :)
|
Thanks for the reply, and having flat hierarchies makes sense. I don't know if it makes the fix easier, but for my use case it would be totally acceptable if the nested objects are ignored. Without too much knowledge on JWT, I'd still guess that most claims in nested objects are for really particular use cases. So for me, not mapping them to a C-struct makes sense. But for me a library that would to the following would be super useful:
But even if you don't return that string, with just ignoring the nested objects it would already be very useful. At least I know that whatever is claimed is signed. And I don't have to worry about the basic checks. Decoding and parsing the remaining json should be easy enough for most users who need advanced checking beyond that. |
After typing the last comment I went ahead and checked I turns out that if I ignore this particular claim the verification passes successfully. Below is how I hacked to code to do that. Anyway, I'm not sure how this would be useful elsewhere, but for me this means I can now finally verify firebase tokens :-)
|
Cool :) If you're happy I'm happy. Yeah, if it works like that it means that it's definitively because of the nested claim objects (the check I still want to look into this as soon as I have the time, and see if there's something minimal I can do, but until then I think I'll close this issue and add it to my own personal to do list |
Cool, I've forked your repo and made those changes to my copy. Now I can finally validate my tokens. Thanks for your help. I've learned a lot about jwt :-D |
@xy4455 Hi there, hope you had a lovely 4 years ;D Sorry for the insane delay. Maybe you don't even remember this, but I never forgot about it. It was always kind of in the back of my head as an unclosed to-do item. I finally found some time to give due love to my FOSS libs on GH. I have updated l8w8jwt's dependencies and addressed some of the issues/feature requests that users have reported. While it still is not recommended to have non-flat claim values, there is now an "official" workaround that at least allows users to decode and validate JWTs while receiving the decoded payload JSON string out from the Thanks again for the issue submission. Check out release 2.3.1 here: https://github.com/GlitchedPolygons/l8w8jwt/releases/tag/2.3.1 :) Cheers, and have a wonderful 2024! |
Describe the bug
When parsing a token generated by Firebase auth (some reference) l8w8jwt seems to be having some trouble parsing the body json.
I'll send the real token as a PM.
Parsing fails (or more accurately the failure is detected) on line 122 of decode.c:
The token (stripped from sensitive data) is below:
To Reproduce
Steps to reproduce the behavior:
Load firebase auth token using l8w8jwt
Expected behavior
A clear and concise description of what you expected to happen.
The text was updated successfully, but these errors were encountered: