Closed borgogelli closed 11 months ago
Thanks @borgogelli for the details and reproduction steps, we'll look into it this week and release a fix if needed. Thanks!
@borgogelli the exception you are seeing is because the actual audience in the JWT does not match the expected audience in the validation (the actual JWT's audience is `0a002700000b`, while you have configured the validation to expect `0A002700000B` - just incorrect casing). So the exception occurs because the audience does not match. If you were to comment out the audience validation (just to test) you'd receive a `TokenExpiredException` as expected.
Hi @jimmyjames, thank you for the reply. The question is: why does the same test pass with version 3.19.4?
@borgogelli - in v3 the `exp` claim is validated prior to the `aud` claim, resulting in the `TokenExpiredException` being thrown prior to validating the `aud` claim (which would throw an `IncorrectClaimException` if the `exp` claim were valid). Both cases result in an invalid JWT but different types of `JWTVerificationException` being thrown due to the order of validation.
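The behaviour discussed in this thread, as an added example that is not code from the issue or from the java-jwt project: it signs tokens with the lowercase audience from the thread and verifies them against both casings, then shows an acceptance check that depends only on the base `JWTVerificationException`, so it is unaffected by which claim is validated first. The class name, helper names and HMAC secret are hypothetical; it assumes `com.auth0:java-jwt` 4.x on the classpath.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import java.util.Date;

// Hypothetical demo class (added example, not from the issue).
public class ValidationOrderDemo {
    // Constructed demo secret; load real keys from a secret store.
    static final Algorithm ALG = Algorithm.HMAC256("constructed-demo-secret");

    // Diagnostic only: names the failure type, or "VALID" if verification passed.
    static String outcome(String token, String expectedAudience) {
        try {
            JWT.require(ALG).withAudience(expectedAudience).build().verify(token);
            return "VALID";
        } catch (JWTVerificationException e) {
            // TokenExpiredException and IncorrectClaimException both land here.
            return e.getClass().getSimpleName();
        }
    }

    // Authorization decision: any JWTVerificationException means "reject".
    // Branching on the subtype would make the decision depend on the
    // library's validation order, which changed between v3 and v4.
    static boolean isAccepted(String token, String expectedAudience) {
        return "VALID".equals(outcome(token, expectedAudience));
    }

    static String token(String audience, long expiresInMillis) {
        Date exp = new Date(System.currentTimeMillis() + expiresInMillis);
        return JWT.create().withAudience(audience).withExpiresAt(exp).sign(ALG);
    }

    public static void main(String[] args) {
        String expired = token("0a002700000b", -60_000); // exp one minute ago
        String fresh = token("0a002700000b", 60_000);    // exp one minute ahead

        // Case from the issue: expired token AND audience with the wrong casing.
        System.out.println("expired, aud 0A002700000B: " + outcome(expired, "0A002700000B"));
        // Expired token, audience casing matches the token.
        System.out.println("expired, aud 0a002700000b: " + outcome(expired, "0a002700000b"));
        // Unexpired token, audience with the wrong casing.
        System.out.println("fresh,   aud 0A002700000B: " + outcome(fresh, "0A002700000B"));
        // Only this combination should ever be accepted.
        System.out.println("fresh,   aud 0a002700000b accepted: " + isAccepted(fresh, "0a002700000b"));
        System.out.println("expired, aud 0A002700000B accepted: " + isAccepted(expired, "0A002700000B"));
    }
}
```

Use `outcome` for logging and troubleshooting only; the accept/reject decision in `isAccepted` stays the same whichever claim the library checks first.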
thank you @jimmyjames for the really comprehensive answer
Checklist
Description
The following JUnit test is successful with version 3.19.4, but with version 4.4.0 it throws a com.auth0.jwt.exceptions.IncorrectClaimException exception, while I expect a TokenExpiredException.
Reproduction
Additional context
No response
java-jwt version
4.4.0
Java version
java 11, target 1.8