CredentialValidationException is trhown after ugrading to 4.0.3
67 views
Skip to first unread message
Konstantin Smirnov
Mar 27, 2021, 2:31:05 PM3/27/21
to vert.x
I have code to check JWT:
checkJwt( authorization ){ AsyncResult<User> ar ->
if( ar ){
rc.user = ar.result()
rc.next()
}else{
log.warn "checkJwt failed: ${ar.cause()}"
}
if( ar ){
rc.user = ar.result()
rc.next()
}else{
log.warn "checkJwt failed: ${ar.cause()}"
}
void checkJwt( String authorization, Handler<AsyncResult<User>> handler ) {
jwtAuth.authenticate( [ jwt:authorization.substring( 7 ) ] as JsonObject, handler )
}
jwtAuth.authenticate( [ jwt:authorization.substring( 7 ) ] as JsonObject, handler )
}
in 4.0.2 it ran just fine.
after updating to 4.0.3, the following exception started to appear:
checkJwt failed: io.vertx.ext.auth.authentication.CredentialValidationException: token cannot be null or empty
The String I'm trying to decode is defenitely not empty.
Any invisible breaking changes?
Paulo Lopes
Mar 29, 2021, 10:24:36 AM3/29/21
to vert.x
Hi, it could be that you're using the JSON API instead of the new type safe API, in that case your JSON may be using the wrong format:
Stephan Wissel
Mar 30, 2021, 10:57:35 AM3/30/21
to vert.x
I think the difference is that until 4.0.2 the json worked { "jwt" : "..." }, in 4.0.3 you need { "token" : "..."}
Konstantin Smirnov
Mar 30, 2021, 1:58:36 PM3/30/21
to vert.x
Those code changes make me sad. The code just broke after upgrade and had to be fixed manually.
If you want the API to react on "token", simply add "token" to "jwt". This way everything stays safe.
Reply all
Reply to author
Forward
0 new messages