JWT strings must contain exactly 2 period characters. Found: 4

zhangwei900808 commented 6 months ago

Environment

System: OS: macOS 14.4.1 CPU: (10) arm64 Apple M1 Max Memory: 2.58 GB / 64.00 GB Shell: 5.9 - /bin/zsh Binaries: Node: 20.11.1 - /usr/local/bin/node npm: 10.2.4 - /usr/local/bin/npm pnpm: 8.6.12 - ~/Library/pnpm/pnpm Browsers: Chrome: 123.0.6312.123 Edge: 123.0.2420.97 Safari: 17.4.1 npmPackages: next: 14.2.1 => 14.1.4 next-auth: 5.0.0-beta.16 => 5.0.0-beta.16 react: ^18 => 18.2.0

Reproduction URL

https://github.com/zhangwei900808/next-auth-redux

Describe the issue

static void parseToken() {
        String jwt = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwia2lkIjoib0Y4SU1ycV9sZUxRYXhSeVZnZVNsUXc4VFNabnRrd1R0NmZ1bnZ1ZzhBT2gtR2J1Wkp4dnhHRllQb3FUaVYtRl92YzAtWGxQUjdaRlRLdkVON181VHcifQ..LmIzZLb4TycAfONNwBTDtA.YL5AV1NqBI3rNeKAVdFcMi7YrpQOgLTuptDGCwK7CL2IlaA4QMre0uI-JN1-HeRxUzSo-K0Z5SEpyCkwxdipLB8GLkc4_fT6sxXjNk5qcXK9j7cPzpywDwEOZx5wOzySLjf1ITz9jSr5KyiqWI6GmJ-0Tvba7wC-pHmEIcbW-76oJaEhEDyHK7ylPtOxNiSE1FckKY15st7IsVl1nVuQN2rfPLbdydxqfYKrCU90pnv8LXRX6YcYRd1Z1TPZEsmKLLa_ouyciC6VyXVE00CluBlV1OF8dmSt8S8nyfCU3nNbAKgD-AyaGhPYRpvhlNRgAhcqOkoieEy0EkxPhRoReA.ArG5yCRvmDIEseUDvKNnTo3IlaEtpOr-MOsYhF8Gle8";
        try {
            // 配置JWT解析器，设置签名密钥和允许的算法
            Claims claims = Jwts.parserBuilder()
                    .setSigningKey("123456") // 设置签名密钥
                    .setAllowedClockSkewSeconds(60) // 允许的时间偏差（可选）
                    .build()
                    .parseClaimsJws(jwt) // 解析token，并自动验证签名
                    .getBody(); // 获取Claims对象

            // 从Claims对象中获取你需要的信息
            String subject = claims.getSubject();
            // ... 获取其他claim信息

            System.out.println("Subject: " + subject);
            // ... 打印其他信息

        } catch (Exception e) {
            logger.info("error ={}", e.getMessage());
            // 处理异常，可能是签名无效、token过期或其他问题
            e.printStackTrace();
        }
    }

java get jwt token in cookies，but when I parse it is error

11:25:59.697 [main] INFO com.seaurl.gatewaysvr.GatewayServerApplication - error =JWT strings must contain exactly 2 period characters. Found: 4
io.jsonwebtoken.MalformedJwtException: JWT strings must contain exactly 2 period characters. Found: 4
        at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:296)
        at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:550)
        at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:610)
        at io.jsonwebtoken.impl.ImmutableJwtParser.parseClaimsJws(ImmutableJwtParser.java:173)
        at com.seaurl.gatewaysvr.GatewayServerApplication.me(GatewayServerApplication.java:31)
        at com.seaurl.gatewaysvr.GatewayServerApplication.main(GatewayServerApplication.java:49)

How to reproduce

1、install next.js and next-auth 2、config auth.js 3、send a invoke to backend 4、java parse jwt token

Expected behavior

java can parse next-auth generate token and get user info in it

balazsorban44 commented 6 months ago

The reason you get the kind of error you reported is because Auth.js encrypts JWTs by default (JWE). Auth.js JWTs are not meant for third-party APIs. You need an identity provider that issues access_tokens. That said, you have the jwt.encode and jwt.decode options available to issue a JWT format your backend accepts. This is condiered an advanced option, use it at your own risk:

https://authjs.dev/reference/core/jwt#encode-1 https://authjs.dev/reference/core/jwt#decode-2

zhangwei900808 commented 6 months ago

@balazsorban44 Thks your reply , I sure what I should do 👍

nextauthjs / next-auth