
I hope you can help me.

The Problem

I get the exception mentioned in the title in some cases. My application generates JWT tokens every month with a scheduled process. The problem is that these cases were working fine in the corresponding last month, but the next one is invalid. For example, I generated tokens last month and they were working fine, but at some point it started to throw the exception when trying to parse them.

As additional information, I have some tokens from 2 months ago that work correctly even though they may be expired.

I haven't made any recent changes to the code and the secret value remains the same. Also, I don't think it is a problem with the exp or expiration value (if this were true, I think it would throw ExpiredException).

Currently I'm using version 0.11.1 in Maven for the jjwt-api, jjwt-impl and jjwt-jackson dependencies. My application in the production stage is deployed in Azure Kubernetes Services with Java 11. The algorithm I'm using is HS512.

Wrong token example:
eyJhbGciOiJIUzUxMiJ9.eyJkb2N1bWVudFR5cGUiOiJETkkiLCJwcm9jZXNzSWQiOjQ4LCJkb2N1bWVudE51bWJlciI6IjA0OTM4NjIwIiwiZXhwaXJhdGlvbiI6IjIwMjMtMDYtMDEiLCJhZmZpbGlhdGVJZCI6Ijk3NTM3N0pYWVpMNyIsImV4cCI6MTY4NTU5NTYwMH0.NpN5as_YczjzmrBVHrEt9d0ba962PYZZolzgEx3EFQtqyumORqs6vNDLRFowFkKh8sCbqUyQxv57L6FhqhPhRw

Correct token example:
eyJhbGciOiJIUzUxMiJ9.eyJkb2N1bWVudFR5cGUiOiJETkkiLCJwcm9jZXNzSWQiOjM4LCJkb2N1bWVudE51bWJlciI6Ijg1MjAyMTM0IiwiZXhwaXJhdGlvbiI6IjIwMjMtMDMtMDEiLCJhZmZpbGlhdGVJZCI6IjE4NzM1N1pCUkNOMyIsImV4cCI6MTY3NzY0NjgwMH0.CBqKDJcWIs0hq7jy9LTyb1INVTqkWKi0KQgYLCEDR7TUG5lNQBKriO_fvcFhZOZfs6E0DqtDmdtcj1oI2XWbvg

If you guys need more information, I can help by giving some examples of correct and incorrect tokens. Regards, Henry.

I am sharing some information with you so that you guys can help me resolve or understand the problem.

@Value("${token.exchange.jwt.secret}")
private String secret;
@Value("${token.exchange.jwt.expiration}")
private Integer expirationMonth;

1.- Generate method

private String doGenerateToken(Map<String, Object> claims) throws NotFoundException {

    ZoneId defaultZone = ZoneId.systemDefault();
    String fecExpirationClaim = (String) (claims.get(EXPIRATION));
    LocalDate localDate = LocalDate.parse(fecExpirationClaim);
    if (localDate == null) {
        throw new NotFoundException("El Token no tiene fecha de expiración");
    }
    Date expirationDate = Date.from(localDate.atStartOfDay(defaultZone).toInstant());
    SecretKey key = Keys.hmacShaKeyFor(this.secret.getBytes());
    return Jwts.builder().setClaims(claims).setExpiration(expirationDate).signWith(key).compact();
}

2.- Decode Method

public Claims getAllClaimsFromToken(String token) {
    
    return Jwts.parserBuilder()
            .setSigningKey(Base64.getEncoder().encodeToString(this.secret.getBytes()))
            .build()
            .parseClaimsJws(token)
            .getBody();
}

I tried to run my application in a simple local environment and got the same error.

I also changed my code in the getAllClaimsFromToken method so that setSigningKey uses the same key as the generate method, like this:

public Claims getAllClaimsFromToken(String token) {

    SecretKey key = Keys.hmacShaKeyFor(this.secret.getBytes());  
    return Jwts.parserBuilder()
            .setSigningKey(key)
            .build()
            .parseClaimsJws(token)
            .getBody();
}

but I got the same result.

I expect all my tokens to be parsed correctly again because, as I said before, they were working correctly some time ago.

Regards, Henry.
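
A JDK-only check, added here as an example (not code from the post or from jjwt), that recomputes an HS512 signature from raw key bytes so a failing token can be tested against the exact bytes an application derives from its secret. The class name, secret and payload are constructed for illustration; the charset comparison is an assumption about one thing worth ruling out, since `getBytes()` without an argument uses the platform default charset.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class Hs512Check { // hypothetical class name
    static byte[] hmac(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(key, "HmacSHA512"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Builds a compact HS512 token; used only to create the constructed sample below.
    static String sign(String payloadJson, byte[] key) throws Exception {
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String input = b64.encodeToString("{\"alg\":\"HS512\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + b64.encodeToString(hmac(key, input));
    }

    // True when the third segment equals HMAC-SHA512(key, "header.payload").
    static boolean signatureMatches(String token, byte[] key) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected header.payload.signature");
        }
        byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
        return MessageDigest.isEqual(hmac(key, parts[0] + "." + parts[1]), presented); // constant-time
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not the secret or claims from the post.
        String secret = "constructed-secret-\u00f1-".repeat(4);
        byte[] utf8 = secret.getBytes(StandardCharsets.UTF_8);
        byte[] latin1 = secret.getBytes(StandardCharsets.ISO_8859_1);
        String token = sign("{\"sub\":\"constructed\",\"exp\":1700000000}", utf8);

        System.out.println("same key bytes:      " + signatureMatches(token, utf8));
        // Base64-encoding the bytes and decoding them again yields the same key.
        byte[] roundTrip = Base64.getDecoder().decode(Base64.getEncoder().encodeToString(utf8));
        System.out.println("Base64 round trip:   " + signatureMatches(token, roundTrip));
        // Same secret string encoded with another charset gives different key bytes.
        System.out.println("other charset bytes: " + signatureMatches(token, latin1));
    }
}
```

To test a real token, pass it to `signatureMatches` together with the bytes the application actually derives from its secret in the environment where parsing fails.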
