1
votes

I got a User class. And this class obviously has fields.

    public class User {

        private String username;
        private String password;
        private long exp;

        //other fields

        public long getExpiration() {return exp;}

        //other setters/getters

    }

I'm using the java-jwt library from the Auth0 team for signing and verifying tokens.

The name of the field exp exactly matches the verifyExpiration() method from the java-jwt library.


But every time I use JWTVerifier(secret).sign(jwtmap), where jwtmap is a Map<String, User>, it serializes my exp field with the name expiration.

So it doesn't work as it's supposed to at the JWTVerifier(secret).verify(token) stage, because .verify(token) expects the field to be named "exp".


1 Answers

0
votes

After quite some time I found the problem. When I renamed my field from expiration to exp so it would match the java-jwt methods, I didn't rename the get method

    public long getExpiration() {return exp;}

Because I liked it better.

But it appears that java-jwt (via BeanSerializerBase) serializes classes using properties that it takes not from the field names of the class but from the get methods. So in my case it basically took the name of the "getExpiration" method and trimmed the "get" part.

So you should either name the getters of your class properly or not pass the whole class to the java-jwt sign(jwtmap) method. Better, populate jwtmap through the getters yourself, field by field. Hopefully you won't need a lot for your token. On the plus side, you can choose whatever names you want inside your class, and there's no need for @JsonIgnore (or whatever annotations your class has).

    Map<String, Object> jwtmap = new HashMap<>();
    jwtmap.put("username", user.getUsername());
    jwtmap.put("exp", user.getExpiration());
    final Token tk = new Token(new JWTSigner(secret).sign(jwtmap));
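
The getter-naming behaviour described in this answer, together with a check to run before signing, as an added example that is not part of the original posts or of java-jwt. It calls Jackson's `ObjectMapper` directly (jackson-databind on the classpath is assumed) and serializes the `User` itself rather than a map containing it; `ClaimNameCheck`, `claimsFor`, `requireSafeClaims` and `getPassword` are hypothetical names, and the sample values are constructed.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.LinkedHashMap;
import java.util.Map;

public class ClaimNameCheck {
    // Same shape as the User class in the question; values are constructed samples.
    public static class User {
        private final String username = "alice";
        private final String password = "constructed-sample-secret";
        private final long exp = 1700000000L;
        public String getUsername() { return username; }
        public String getPassword() { return password; }
        public long getExpiration() { return exp; } // bean property name: "expiration"
    }

    // Explicit claim set: only what the token needs, under the names the verifier reads.
    static Map<String, Object> claimsFor(User user) {
        Map<String, Object> claims = new LinkedHashMap<>();
        claims.put("username", user.getUsername());
        claims.put("exp", user.getExpiration());
        return claims;
    }

    // Hypothetical pre-signing guard: reject a payload with no numeric "exp" or with a password.
    static void requireSafeClaims(Map<?, ?> claims) {
        if (!(claims.get("exp") instanceof Number)) {
            throw new IllegalStateException("no numeric \"exp\" claim in " + claims.keySet());
        }
        if (claims.containsKey("password")) {
            throw new IllegalStateException("password must not go into a token payload");
        }
    }

    public static void main(String[] args) {
        User user = new User();
        // Bean serialization of the whole object: keys are derived from getter names.
        Map<?, ?> beanView = new ObjectMapper().convertValue(user, Map.class);
        System.out.println("bean-serialized keys: " + beanView.keySet());
        Map<String, Object> claims = claimsFor(user);
        requireSafeClaims(claims); // explicit map carries "exp" and no password
        System.out.println("explicit claim keys: " + claims.keySet());
        try {
            requireSafeClaims(beanView); // key is "expiration", so there is no "exp"
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Serializing the whole bean also emits every other public getter, so a `getPassword()` on the class would put the password into the payload, which in a signed JWT is only base64url-encoded, not encrypted.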