bmwadforth/jwt

JSON deserialization will not preserve the order of the claims

Opened this issue · 0 comments

For example, when the JWT is signed, the decoded payload looks like so (note the order of the properties under data).
[screenshot: decoded payload of the signed token]

Upon deserialisation, the order of the properties is not preserved; they are sorted in alphabetical order (per encoding/json). This results in an error when the token is validated, as the bytes of the token when it was signed and now are fundamentally different.
[screenshot: payload after deserialisation, with properties sorted alphabetically]

Solution: when encoding the header/payload, ensure that the ORDER of the data is preserved when it is decoded; this way the signature does not change, since the bytes change if the order of the data changes.
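The failure described above, reproduced as an added example (this is not code from the issue or from the bmwadforth/jwt library; the header, payload, key and helper names `SignHS256`, `Reserialize`, `VerifyByReencoding` and `VerifyOriginalBytes` are all constructed for the demonstration). `Reserialize` shows encoding/json sorting the claim keys on the round trip, `VerifyByReencoding` shows why a validator that recomputes the MAC over re-encoded JSON rejects a perfectly valid token, and `VerifyOriginalBytes` shows the check that does not depend on key order at all: the JWS signing input is the two base64url segments exactly as received, so a verifier that keeps those segments never needs an ordering guarantee from the JSON layer.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample: header and payload exactly as they were signed. The
// keys under "data" are deliberately not in alphabetical order.
const (
	signedHeader  = `{"alg":"HS256","typ":"JWT"}`
	signedPayload = `{"sub":"1234","data":{"zeta":1,"alpha":2,"mid":3},"iat":1700000000}`
)

var b64 = base64.RawURLEncoding

// SignHS256 produces header.payload.signature over the exact bytes it is
// given (a constructed helper for this example, not the library's own API).
func SignHS256(header, payload, key []byte) string {
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil))
}

// Reserialize decodes JSON into a map and encodes it again. encoding/json
// writes map keys in sorted order, so the result differs from the input
// whenever the original keys were not already sorted.
func Reserialize(doc []byte) ([]byte, error) {
	var m map[string]interface{}
	if err := json.Unmarshal(doc, &m); err != nil {
		return nil, err
	}
	return json.Marshal(m)
}

func splitToken(token string) ([]string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token: got %d segments, want 3", len(parts))
	}
	return parts, nil
}

// VerifyByReencoding reproduces the failure from the issue: the MAC is
// recomputed over re-encoded header and payload, so any key reordering
// changes the signing input and a valid token is rejected.
func VerifyByReencoding(token string, key []byte) (bool, error) {
	parts, err := splitToken(token)
	if err != nil {
		return false, err
	}
	var re [2][]byte
	for i := 0; i < 2; i++ {
		raw, err := b64.DecodeString(parts[i])
		if err != nil {
			return false, err
		}
		if re[i], err = Reserialize(raw); err != nil {
			return false, err
		}
	}
	expected := SignHS256(re[0], re[1], key)
	return hmac.Equal([]byte(expected), []byte(token)), nil
}

// VerifyOriginalBytes is the robust check: the JWS signing input is the two
// base64url segments exactly as received, so the MAC is computed over them
// and key order inside the JSON never matters.
func VerifyOriginalBytes(token string, key []byte) (bool, error) {
	parts, err := splitToken(token)
	if err != nil {
		return false, err
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return false, err
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	return hmac.Equal(mac.Sum(nil), sig), nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed, not a real secret
	token := SignHS256([]byte(signedHeader), []byte(signedPayload), key)
	re, _ := Reserialize([]byte(signedPayload))
	fmt.Printf("signed:      %s\nre-encoded:  %s\n", signedPayload, re)
	ok1, _ := VerifyByReencoding(token, key)
	ok2, _ := VerifyOriginalBytes(token, key)
	fmt.Println("re-encoding verify:", ok1, " original-bytes verify:", ok2)
}
```

Running it prints the payload before and after the round trip (the `data` keys come back as `alpha`, `mid`, `zeta`), `false` for the re-encoding verifier and `true` for the original-bytes verifier. The caveat worth noting is that the bug is invisible on any token whose claims happen to be written in sorted order already, which is why it can pass a test suite and then fail on real tokens minted elsewhere.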