Description
I've two problems with the boolean isSigned(String jwt) method:
The following function call returns true if I provide a normal JSON (NOT a signed JWT):
Jwts //
    .parserBuilder() //
    .setSigningKey(getPublicKey()) //
    .build() //
    .isSigned(json);
If I change the method calls to the following:
Jwts //
    .parserBuilder() //
    .setSigningKey(getPublicKey()) //
    .build() //
    .parseClaimsJws(json);
an io.jsonwebtoken.MalformedJwtException: JWT strings must contain exactly 2 period characters. Found: 14 is thrown (which is the expected behavior).
As json, a valid JSON is provided (NOT a JWT, maybe it can be any string?), e.g.
{
    "version": "foo",
    "url": "bar",
    "release_notes": "baz"
}
If I provide a valid JWT, signed with a different private key, isSigned also returns true.
From the doc:
* Returns {@code true} if the specified JWT compact string represents a signed JWT (aka a 'JWS'), {@code false}
* otherwise.
* <p>
* <p>Note that if you are reasonably sure that the token is signed, it is more efficient to attempt to
* parse the token (and catching exceptions if necessary) instead of calling this method first before parsing.</p>
Do I understand this method in a wrong way? I just want to check if a string is a JWT signed with the corresponding key. In my opinion isSigned should return false in both cases.
At a different code location I use parseClaimsJws, that works great 😍
As version I use the latest 0.11.1
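Added example (not part of the original post and not code from the JJWT project): one way to get the check the post asks for, following the Javadoc's advice to parse the token and catch exceptions, so the result depends on signature verification rather than on the string's shape. The class `JwsCheck` and helper `isSignedWith` are hypothetical names; the sketch assumes the JJWT 0.11.x `jjwt-api`, `jjwt-impl` and `jjwt-jackson` artifacts on the classpath and uses freshly generated, constructed keys and tokens.

```java
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;

import java.security.KeyPair;
import java.security.PublicKey;

// Hypothetical helper class for illustration; not part of JJWT.
public class JwsCheck {

    /** Returns true only if the string parses as a JWS whose signature verifies with the given key. */
    static boolean isSignedWith(String candidate, PublicKey key) {
        try {
            Jwts.parserBuilder()
                    .setSigningKey(key)
                    .build()
                    .parseClaimsJws(candidate); // verifies the signature, then validates claims
            return true;
        } catch (JwtException | IllegalArgumentException e) {
            // JwtException covers MalformedJwtException (not a compact JWS),
            // SignatureException (wrong key or tampered token), UnsupportedJwtException
            // and ExpiredJwtException. IllegalArgumentException covers null or empty input.
            // Note: an expired but correctly signed token is also reported as false here.
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample keys: one trusted pair and one unrelated pair.
        KeyPair trusted = Keys.keyPairFor(SignatureAlgorithm.RS256);
        KeyPair other = Keys.keyPairFor(SignatureAlgorithm.RS256);

        // Constructed sample inputs mirroring the three cases from the post.
        String json = "{\"version\": \"foo\", \"url\": \"bar\", \"release_notes\": \"baz\"}";
        String foreignJws = Jwts.builder().setSubject("demo").signWith(other.getPrivate()).compact();
        String trustedJws = Jwts.builder().setSubject("demo").signWith(trusted.getPrivate()).compact();

        PublicKey verifyKey = trusted.getPublic();
        System.out.println("plain JSON:             " + isSignedWith(json, verifyKey));
        System.out.println("JWS from different key: " + isSignedWith(foreignJws, verifyKey));
        System.out.println("JWS from trusted key:   " + isSignedWith(trustedJws, verifyKey));
    }
}
```

Callers that need to tell an expired token apart from a forged one should catch `ExpiredJwtException` separately instead of collapsing every failure into `false`.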