I have been using jose4j version 0.6.0 for JSON Web Token (JWT) generation. All is good up to token generation and token verification. A JWT's claims payload can have a number of elements like version, tokenId, issuer, permissions, etc. I'm passing a TokenPermissions object, which is a standard object in the oneM2M release 2 specification, i.e.

JwtClaims claims = new JwtClaims();
claims.setIssuer("DAS@ServiceProvider");
claims.setAudience("CSE001");
// ...
TokenPermissions tokenPerms = new TokenPermissions();
TokenPermission tokenPerm = new TokenPermission();
tokenPerm.getResourceIDs().add("RXYZ");
tokenPerm.setPrivileges(setOfAcr); // setOfAcr is another oneM2M object
tokenPerms.getPermission().add(tokenPerm);
claims.setClaim("permissions", tokenPerms);

The above snippet of code generates the following JWT Claim Set: {iss=DAS@ServiceProvider, aud=CSE001, exp=1508999613, jti=H1wm_yaOe61Co-wND7wBAw@DAS@CDOT-SP, iat=1508996013, nbf=1508995953, sub=subject, email=mail@example.com, groups=[group-one, other-group, group-three], version=1.0.0, permissions=cdot.onem2m.resource.xsd.TokenPermissions@7f3b97fd}

The whole token passes the signature and claims validation, but when I try to typecast the permission attribute to TokenPermissions it throws an error.

tokenPermsObject = jwtClaims.getClaimValue("permissions", TokenPermissions.class);

It throws the below error: org.jose4j.jwt.MalformedClaimException: The value of the 'permissions' claim is not the expected type (xyz.xsd.TokenPermissions@7f3b97fd - Cannot cast java.lang.String to xyz.xsd.TokenPermissions.TokenPermissions)

What type of claims object can be passed in a jose4j JWT? Do I have to mandatorily pass text in the claims set? Any help would be highly appreciated.

Chaitan Yadav

1 Answer

jose4j's JSON processing was derived from the JSON.simple toolkit and is fairly basic in how it converts between JSON and Java objects. It will do strings, numbers, booleans, maps and lists.

If you want/need to use a more sophisticated JSON library you can use setPayload(...) on JsonWebSignature when creating the JWT and give it the JSON string you've produced elsewhere. And when consuming a JWT, String getRawJson() on JwtClaims will give you the JSON string payload that you can hand off to some other lib.

Brian Campbell
  • Thanks Brian for replying and helping. I was also trying to serialize a complex Java object at the sender's end and deserialize it back at the receiver end. Do you have any idea why JSON serialization is not supported in jose4j, and do they have any plan to support it in future releases? – Chaitan Yadav Oct 30 '17 at 04:12
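
The setPayload(...) / getRawJson() route described in the answer, as an added example that is not code from the question, the answer, or the jose4j project. It assumes Jackson (jackson-databind) is on the classpath and Java 9+; the Permission class is a hypothetical stand-in for the oneM2M TokenPermission type, and the key and privilege value are constructed for the demo.

```java
import java.util.List;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;

public class ComplexClaimExample {
    // Hypothetical stand-in for the oneM2M type; public fields so Jackson can bind them.
    public static class Permission {
        public List<String> resourceIDs;
        public List<String> privileges;
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        RsaJsonWebKey key = RsaJwkGenerator.generateJwk(2048); // throwaway demo key
        Permission perm = new Permission();
        perm.resourceIDs = List.of("RXYZ");
        perm.privileges = List.of("constructed-acr"); // constructed sample value
        // Producer: jose4j builds the standard claims, Jackson adds the complex claim as real JSON.
        JwtClaims claims = new JwtClaims();
        claims.setIssuer("DAS@ServiceProvider");
        claims.setAudience("CSE001");
        claims.setExpirationTimeMinutesInTheFuture(60);
        ObjectNode payload = (ObjectNode) mapper.readTree(claims.toJson());
        payload.set("permissions", mapper.valueToTree(List.of(perm)));
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(mapper.writeValueAsString(payload));
        jws.setKey(key.getPrivateKey());
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        String jwt = jws.getCompactSerialization();
        // Consumer: verify signature and standard claims first, only then bind the raw JSON.
        JwtConsumer consumer = new JwtConsumerBuilder()
                .setRequireExpirationTime()
                .setExpectedIssuer("DAS@ServiceProvider")
                .setExpectedAudience("CSE001")
                .setVerificationKey(key.getPublicKey())
                .build();
        JwtClaims verified = consumer.processToClaims(jwt);
        Permission[] perms = mapper.treeToValue(
                mapper.readTree(verified.getRawJson()).get("permissions"), Permission[].class);
        System.out.println(perms[0].resourceIDs);
    }
}
```

Binding the permissions claim only from the JwtClaims returned by processToClaims keeps authorization data from being read out of a token whose signature, issuer, audience or expiry failed validation.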