Thalhammer / jwt-cpp

A header only library for creating and validating json web tokens in c++
https://thalhammer.github.io/jwt-cpp/
MIT License

Audience claim forward slashes escaped #234

Closed rakesh850gs closed 2 years ago

rakesh850gs commented 2 years ago

What's your question?

While adding an audience to the JWT payload, the URL's forward slashes get escape characters added, and the server throws "Audience error".

Additional Context

While creating a JWT and decoding it, the forward slashes get escaped. Is that expected behavior?

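```cpp
#include <chrono>
#include <iostream>
#include <string>
#include <jwt-cpp/jwt.h>

using picojson::value;
using std::string;

// expireTime and rsa_priv_key_ad are defined elsewhere in the poster's program.
string audUrl1 = R"(https://www.google.com)";
string audUrl2 = R"(https://www.facebook.com)";
value aud1 = picojson::value(audUrl1);
value aud2 = picojson::value(audUrl2);
// The post does not show how audienceClaim is built; a picojson array of both values is assumed.
picojson::array audienceClaim{aud1, aud2};

auto token = jwt::create()
    .set_issuer("32453q25432534@someorg")
    .set_type("JWT")
    .set_subject("23423@someorg")
    .set_expires_at(expireTime)
    .set_issued_at(std::chrono::system_clock::now())
    .set_audience(audienceClaim)
    .sign(jwt::algorithm::rs256("", rsa_priv_key_ad, "", ""));

// Decode the token again and print every payload claim.
auto decoded = jwt::decode(token);
for (auto& e : decoded.get_payload_claims())
    std::cout << e.first << " = " << e.second << std::endl;
```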
OUTPUT

```
sub = "234892375iuh@someorg"
aud = ["https:\/\/www.google.com","https:\/\/www.facebook.com"]  // here the slashes appear escaped, and it's printing with escaped characters like "W"
exp = 1662661127
iat = 1654021127
iss = "test@someorg"
```

The server with which I'm exchanging this is throwing an audience claim exception, please help.

Thanks

Thalhammer commented 2 years ago

jwt-cpp doesn't do JSON serialization itself, instead it delegates this task to a JSON library. In your case that's picojson. Forward slashes are not a JSON reserved character so I am a bit surprised it escapes them.

EDIT: I just tried your code and indeed it seems to escape the string. I've never seen a JSON parser that does not accept this escaped syntax, since according to the JSON RFC "Any character may be escaped.", so your JSON parser is technically not standards compliant. This obviously doesn't solve your issue right now though. You also can't replace it in the resulting token because then the signature is no longer valid. Going forward I'd recommend opening two issues:

As a hotfix you could try running a different JSON library for now if you don't use picojson anywhere else.
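The two points in the reply above, as an added example that is not part of the thread and is not jwt-cpp or picojson code: `json_unescape` decodes a JSON string body per RFC 8259, so `\/` and `/` give the same claim value, while `b64url` shows that the two spellings produce different payload segment bytes, which is why editing a signed token breaks its signature. The function names and the ASCII-only `\u` handling are assumptions of this example.

```cpp
// Added example, not jwt-cpp or picojson code. Standard library only.
#include <cctype>
#include <iostream>
#include <stdexcept>
#include <string>

// Decode the body of a JSON string literal (no surrounding quotes), RFC 8259 section 7.
std::string json_unescape(const std::string& s) {
    static const std::string from = "\"\\/bfnrt", to = "\"\\/\b\f\n\r\t";
    std::string out;
    for (std::size_t i = 0; i < s.size(); ++i) {
        if (s[i] != '\\') { out += s[i]; continue; }
        if (++i == s.size()) throw std::invalid_argument("dangling backslash");
        std::size_t p = from.find(s[i]);
        if (p != std::string::npos) { out += to[p]; continue; }  // "\/" decodes to "/"
        if (s[i] != 'u' || i + 4 >= s.size()) throw std::invalid_argument("invalid escape");
        unsigned cp = 0;
        for (int k = 0; k < 4; ++k) {
            unsigned char c = static_cast<unsigned char>(s[++i]);
            if (!std::isxdigit(c)) throw std::invalid_argument("bad \\u escape");
            cp = cp * 16 + (std::isdigit(c) ? c - '0' : std::tolower(c) - 'a' + 10);
        }
        // Assumption: ASCII only, which is enough for URL audiences.
        if (cp > 0x7F) throw std::invalid_argument("non-ASCII \\u not handled");
        out += static_cast<char>(cp);
    }
    return out;
}

// Unpadded base64url, the encoding of each JWT segment (RFC 7515).
std::string b64url(const std::string& in) {
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    std::string out;
    unsigned acc = 0; int bits = 0;
    for (unsigned char c : in) {
        acc = (acc << 8) | c; bits += 8;
        while (bits >= 6) { bits -= 6; out += tbl[(acc >> bits) & 63]; }
    }
    if (bits) out += tbl[(acc << (6 - bits)) & 63];
    return out;
}

// Constructed sample: the aud value as serialized in the issue, and the intended URL.
const std::string kEscaped = R"(https:\/\/www.google.com)", kPlain = "https://www.google.com";
int main() {
    std::cout << "claims equal after JSON decoding: " << (json_unescape(kEscaped) == kPlain) << "\n"
              << "segment bytes, escaped: " << b64url(kEscaped) << "\n"
              << "segment bytes, plain:   " << b64url(kPlain) << "\n";
}
```

A verifier that compares audiences after JSON decoding accepts either spelling; one that compares raw payload text does not.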

rakesh850gs commented 2 years ago

This is an actual output.

```
sub = "12345@someorg"
aud = ["https:\/\/www.google.com","https:\/\/www.facebook.com"]  -- Here it's escaping like "httpsW"
exp = 1662663456
iat = 1654023456
iss = "12345@someorg"
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiaHR0cHM6XC9cL3d3dy5nb29nbGUuY29tIiwiaHR0cHM6XC9cL3d3dy5mYWNlYm9vay5jb20iXSwiZXhwIjoxNjYyNjYzNDU2LCJpYXQiOjE2NTQwMjM0NTYsImlzcyI6IjEyMzQ1QHNvbWVvcmciLCJzdWIiOiIxMjM0NUBzb21lb3JnIn0.rWRps6QP7WJuU4IOdC4f9xmrRCaAefWl8HyhHd11AvmIpybBGSHu2e4pEQRTpxKsK1t-SFJ44RHTLmevR0V5VZKv2hup4ZeGP2AvOGKxT6fpIhbjSrGepnDSclXHCMeJvz39oAnUffpobWNPkv9FGD2el-N4vq6Coe1Vn7ITRd6bM_ArgQ33yKdh3I62Wm58jG9ffO7Sn2Shr2eFaexSFNFy2lszaMNoZ2no0qPrcFiXhoST4UIIE8Mzg8DWG1lZrY5WRF7Z9ikEZ9E1m-TaV3yDxDlf3SIV7kb8ULvWhZ9HlDpOXzV7UXlk7GraIukkRzkoCDLxp1ttwkznAuA9LA
```

Thalhammer commented 2 years ago

See edit above, you were too quick :)

rakesh850gs commented 2 years ago

Yeah, thanks for your response. I shall raise those 2 issues in the respective repos and try changing the JSON parser and check.

Thank you :-)

rakesh850gs commented 2 years ago

And this library uses PicoJson, right? Because the .setAudience method expects a picojson array!!!!

prince-chrismc commented 2 years ago

It's a design of picojson https://github.com/kazuho/picojson/pull/26... sadly the author is inactive so we added support for other JSON libraries! For reasons exactly like this

https://github.com/Thalhammer/jwt-cpp#overview has a list of support libraries but you can also check out https://github.com/Thalhammer/jwt-cpp/tree/master/example/traits

You might be interested in using https://github.com/nlohmann/json which is my go-to for C++ JSON

rakesh850gs commented 2 years ago

I'm trying your suggestion, let me see.

prince-chrismc commented 2 years ago

Did you have any luck solving your problem?

rakesh850gs commented 2 years ago

I followed your answer and I was able to solve the issue, thanks. Changing the library worked. Thanks.