jwtk/jjwt

Don't parse jwt token from android lib after update to version 0.12.3

phamhongphong opened this issue · 2 comments

phamhongphong commented

After i updated to latest version 0.12.3 my app don't parse jwt token, it throw an exception.
This is my install configuration:
api 'io.jsonwebtoken:jjwt-api:0.12.3'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.3'
runtimeOnly('io.jsonwebtoken:jjwt-orgjson:0.12.3') {
exclude group: 'org.json', module: 'json' //provided by Android natively
}

This is my code to parse jwt token:
public static Claims parseToken(String token){
return Jwts
.parser()
.verifyWith(Keys.hmacShaKeyFor(md5("secretkey").getBytes(StandardCharsets.UTF_8)))
.build()
.parseSignedClaims(token)
.getPayload();
}

and this is error message:

Malformed protected header JSON: Unable to deserialize: No direct method (Ljava/io/Reader;)V in class Lorg/json/JSONTokener; or its super classes (declaration of 'org.json.JSONTokener' appears in /apex/com.android.art/javalib/core-libart.jar)
io.jsonwebtoken.MalformedJwtException: Malformed protected header JSON: Unable to deserialize: No direct method (Ljava/io/Reader;)V in class Lorg/json/JSONTokener; or its super classes (declaration of 'org.json.JSONTokener' appears in /apex/com.android.art/javalib/core-libart.jar)
at io.jsonwebtoken.impl.io.JsonObjectDeserializer.malformed(JsonObjectDeserializer.java:76)
at io.jsonwebtoken.impl.io.JsonObjectDeserializer.apply(JsonObjectDeserializer.java:70)
at io.jsonwebtoken.impl.DefaultJwtParser.deserialize(DefaultJwtParser.java:890)
at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:380)
at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:362)
at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:94)
at io.jsonwebtoken.impl.io.AbstractParser.parse(AbstractParser.java:36)
at io.jsonwebtoken.impl.io.AbstractParser.parse(AbstractParser.java:29)
at io.jsonwebtoken.impl.DefaultJwtParser.parseSignedClaims(DefaultJwtParser.java:821)

Where is wrong?

lhazlewood commented

Thanks for reporting this. It seems as if the native version on Android doesn't support the Reader argument with JSONTokener. We'll have to see if we can make a workaround.

In the meantime, can you remove or comment the line:

exclude group: 'org.json', module: 'json' //provided by Android natively

and see if that works?

phamhongphong commented

i commented this configuration exclude group: 'org.json', module: 'json' //provided by Android natively and then error is gone.
Thanks your help