dvsekhvalnov / jose-jwt

Ultimate Javascript Object Signing and Encryption (JOSE), JSON Web Token (JWT) and Json Web Keys (JWK) Implementation for .NET and .NET Core
MIT License
921 stars 183 forks

Version 5: decryption of compressed token throws exception but works in 4.1 #244

Open Mr-Pearce opened 3 months ago

Mr-Pearce commented 3 months ago

Hey, when I use the following code in version 5 I get the message below. With version 4.1 it works just fine. When I remove the JweCompression.DEF from Encryption it also works with 5, but the JWE tokens I get are all compressed.

```csharp
using RSA rsa = RSA.Create(4096);

var privateKey = rsa.ExportParameters(true);
var publicKey = rsa.ExportParameters(false);

var payload = Convert.ToBase64String(File.ReadAllBytes(@"C:\pathtofile\file-example_PDF_500_kB.pdf"));

using RSA rsaPublicKey = RSA.Create(publicKey);
var encryptedToken = JWT.Encode(payload, rsaPublicKey, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM, JweCompression.DEF);

using RSA rsaPrivateKey = RSA.Create(privateKey);
var decryptedToken = JWT.Decode(encryptedToken, rsaPrivateKey, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM);

Assert.That(decryptedToken, Is.EqualTo(payload));
```

Message:  Jose.JoseException : Unable to deflate compressed payload, most likely exceeded decompression buffer size. ----> System.NotSupportedException : Memory stream is not expandable.

file-example_PDF_500_kB.pdf

dvsekhvalnov commented 3 months ago

Hi @Mr-Pearce,

Yeah, it is in the release notes actually, please see here: https://github.com/dvsekhvalnov/jose-jwt#customizing-compression

You'll have to provide a higher limit for decompression according to your case.

Would also recommend considering the detached payload standard, if possible in your scenarios: https://github.com/dvsekhvalnov/jose-jwt?tab=readme-ov-file#unencoded-and-detached-content-aka-rfc-7797

and maybe transferring bigger payloads via a different channel directly. Maybe a more scalable solution, but it definitely depends.
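The failure mode in the report, as an added example that is not part of the thread and is not jose-jwt's code: inflating DEFLATE data into a fixed-size buffer caps the output, and a payload that outgrows the cap fails with `Memory stream is not expandable`. It uses only `System.IO.Compression`; the helper names, the zero-filled sample payload and both cap values are constructed for illustration.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;

static class BoundedInflateDemo // hypothetical name, illustration only
{
    // Raw DEFLATE compression, the algorithm behind the JWE "zip":"DEF" header.
    static byte[] Deflate(byte[] plain)
    {
        using var buf = new MemoryStream();
        using (var z = new DeflateStream(buf, CompressionMode.Compress, leaveOpen: true))
            z.Write(plain, 0, plain.Length);
        return buf.ToArray();
    }

    // Inflate into a fixed-capacity buffer so compressed input cannot
    // force an unbounded allocation on the decrypting side.
    static byte[] Inflate(byte[] compressed, int maxBytes)
    {
        var buffer = new byte[maxBytes];
        using var input = new MemoryStream(compressed);
        using var z = new DeflateStream(input, CompressionMode.Decompress);
        using var output = new MemoryStream(buffer); // wraps the array, cannot grow
        try { z.CopyTo(output); }
        catch (NotSupportedException e) // "Memory stream is not expandable."
        {
            throw new InvalidDataException($"inflated payload exceeds {maxBytes} bytes", e);
        }
        return buffer.AsSpan(0, (int)output.Position).ToArray();
    }

    static void Main()
    {
        // Constructed sample: Base64 text of 512 KiB of zeros, similar in size
        // to a Base64-encoded 500 kB file but far more compressible.
        byte[] payload = Encoding.ASCII.GetBytes(Convert.ToBase64String(new byte[512 * 1024]));
        byte[] compressed = Deflate(payload);
        Console.WriteLine($"compressed {compressed.Length} B, inflates to {payload.Length} B");

        foreach (int cap in new[] { 250 * 1024, 1024 * 1024 }) // constructed caps
        {
            try { Console.WriteLine($"cap {cap}: ok, {Inflate(compressed, cap).Length} B"); }
            catch (InvalidDataException e)
            { Console.WriteLine($"cap {cap}: rejected ({e.InnerException?.Message})"); }
        }
    }
}
```

When raising a cap like this, size it to the largest payload the application legitimately expects, since the buffer is what bounds memory use per decrypted token.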

dvsekhvalnov commented 2 months ago

@Mr-Pearce are you good? Can close an issue?