private void verifyAlgorithm(DecodedJWT jwt, Algorithm expectedAlgorithm) throws AlgorithmMismatchException {
    if (!expectedAlgorithm.getName().equals(jwt.getAlgorithm())) {
        throw new AlgorithmMismatchException(
                "The provided Algorithm doesn't match the one defined in the JWT's Header.");
    }
}
Checklist
Description
https://github.com/auth0/java-jwt/blob/d97f4e6df09d5437aede60776fa69e0ad49824af/lib/src/main/java/com/auth0/jwt/JWTVerifier.java#L475

This is always false, as jwt contains strings like RS512 and expectedAlgorithm is like SHA512withRSA.

Ktor uses this code to match between them (https://github.com/ktorio/ktor/blob/d5ae8e5641dea582fbe5ebb52577e7bdad2f5ad8/ktor-server/ktor-server-plugins/ktor-server-auth-jwt/jvm/src/io/ktor/server/auth/jwt/JWTUtils.kt#L21):
Example of jwks.json
Example of JWT
check JWT
Reproduction
Use Ktor and try to set up JWT auth.
Additional context
No response
java-jwt version
com.auth0:java-jwt:4.4.0
Java version
java.runtime.version -> 21.0.2+13-jvmci-23.1-b30
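Added example (written for this page, not code from the issue, java-jwt or Ktor) showing, from the caller's side, what the header check in verifyAlgorithm compares and how a verifier built for a different algorithm rejects a token; the secret and issuer are constructed values, and it assumes the com.auth0:java-jwt:4.4.0 API named in the report.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.interfaces.DecodedJWT;

public class AlgMismatchDemo {
    // Constructed secret for this demo only; a real deployment loads the key from configuration.
    private static final String SECRET = "example-secret-for-demo-only";
    private static final String ISSUER = "demo-issuer";

    public static void main(String[] args) {
        Algorithm hs256 = Algorithm.HMAC256(SECRET);
        String token = JWT.create().withIssuer(ISSUER).sign(hs256);

        // What each side of the comparison in verifyAlgorithm holds for this token.
        DecodedJWT decoded = JWT.decode(token);            // header only, no signature check yet
        System.out.println("header alg:                  " + decoded.getAlgorithm());
        System.out.println("Algorithm.getName():         " + hs256.getName());
        System.out.println("Algorithm.getDescription():  " + hs256.getDescription());

        // Verifier built for the same algorithm: header check and signature check both pass.
        JWTVerifier matching = JWT.require(hs256).withIssuer(ISSUER).build();
        matching.verify(token);
        System.out.println("HS256 verifier accepted the HS256 token");

        // Verifier built for a different algorithm: the header check rejects the
        // token before the signature is examined, which is the intended behaviour
        // (a token must be verified only with the algorithm the server expects).
        JWTVerifier mismatched = JWT.require(Algorithm.HMAC384(SECRET)).withIssuer(ISSUER).build();
        try {
            mismatched.verify(token);
            System.out.println("unexpected: HS384 verifier accepted an HS256 token");
        } catch (AlgorithmMismatchException e) {
            System.out.println("rejected by header check: " + e.getMessage());
        }
    }
}
```

Running it prints the header alg and the two strings the library exposes for the configured algorithm, which is the quickest way to check which of them the comparison in JWTVerifier actually uses against a given token.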