[OLTU-200] Wrong regex in TokenReader - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: commons-encodedtokens-1.0.1
Component/s: oauth2-common
Labels:
None

Description

The regex in TokenReader [0] doesn't comply with the JWS spec.

The spec [1] says:

BASE64URL(UTF8(JWS Protected Header)) || '.' ||
     BASE64URL(JWS Payload) || '.' ||
     BASE64URL(JWS Signature)

while the impl regex is

private final Pattern base64urlTokenPattern = Pattern.compile("([a-zA-Z0-9/+=]+)\\.([a-zA-Z0-9/+=]+)\\.(.+)");

it should be rather

private final  base64urlTokenPattern = Pattern.compile("([a-zA-Z0-9-_=]+)\\.([a-zA-Z0-9-_=]+)\\.([a-zA-Z0-9-_=]+)

[0] https://github.com/apache/oltu/blob/trunk/commons/encodedtoken/src/main/java/org/apache/oltu/commons/encodedtoken/TokenReader.java#L30
[1] https://tools.ietf.org/html/rfc7515

Attachments

Activity

People

Assignee:: Simone Tripodi

Reporter:: Antonio Sanso

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Jul/16 11:15

Updated:: 02/Aug/16 11:00

Resolved:: 02/Aug/16 11:00