fix: add exp and iat to JWT payloads without scientific notation (#765)

supertokens · Aug 14, 2023 · 15b49aa · 15b49aa
1 parent 39bca79
commit 15b49aa
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [unreleased]
 
+## [6.0.9] - 2023-08-14
+
+- Now using decimal notation to add numbers into the access token payload (instead of scientific notation) 
+
 ## [6.0.8] - 2023-08-01
 
 - Fixes CUD validation starting with number.

diff --git a/build.gradle b/build.gradle
@@ -19,7 +19,7 @@ compileTestJava { options.encoding = "UTF-8" }
 //    }
 //}
 
-version = "6.0.8"
+version = "6.0.9"
 
 
 repositories {

diff --git a/src/main/java/io/supertokens/jwt/JWTSigningFunctions.java b/src/main/java/io/supertokens/jwt/JWTSigningFunctions.java
@@ -127,9 +127,8 @@ public static String createJWTToken(JWTSigningKey.SupportedAlgorithms supportedA
         headerClaims.put("kid", keyToUse.keyId);
 
         // Add relevant claims to the payload, note we only add/override ones that we absolutely need to.
-        Map<String, Object> jwtPayload = new Gson().fromJson(payload, HashMap.class);
-        if (jwksDomain != null) {
-            jwtPayload.putIfAbsent("iss", jwksDomain);
+        if (jwksDomain != null && !payload.has("iss")){
+            payload.addProperty("iss", jwksDomain);
         }
 
         JWTCreator.Builder builder = com.auth0.jwt.JWT.create();
@@ -141,7 +140,7 @@ public static String createJWTToken(JWTSigningKey.SupportedAlgorithms supportedA
         if (jwksDomain != null) {
             builder.withIssuer(jwksDomain);
         }
-        builder.withPayload(jwtPayload);
+        builder.withPayload(payload.toString());
 
         return builder.sign(signingAlgorithm);
     }

diff --git a/src/test/java/io/supertokens/test/session/AccessTokenTest.java b/src/test/java/io/supertokens/test/session/AccessTokenTest.java
@@ -18,6 +18,7 @@
 
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
 import io.supertokens.ProcessState.EventAndException;
 import io.supertokens.ProcessState.PROCESS_STATE;
 import io.supertokens.exceptions.AccessTokenPayloadError;
@@ -272,6 +273,11 @@ public void inputOutputTest() throws Exception {
         assertEquals("antiCsrfToken", info.antiCsrfToken);
         assertEquals(expiryTime / 1000 * 1000, info.expiryTime);
 
+        JsonObject payload = (JsonObject) new JsonParser()
+                .parse(io.supertokens.utils.Utils.convertFromBase64(newToken.token.split("\\.")[1]));
+        // This throws if the number is in scientific (E) format
+        assertEquals(expiryTime / 1000, Long.parseLong(payload.get("exp").toString()));
+
         JWT.JWTPreParseInfo jwtInfo = JWT.preParseJWTInfo(newToken.token);
         assertNotNull(jwtInfo.kid);
         assertEquals(jwtInfo.version, AccessToken.getLatestVersion());
@@ -302,6 +308,11 @@ public void inputOutputTestStatic() throws Exception {
         assertEquals("antiCsrfToken", info.antiCsrfToken);
         assertEquals(expiryTime / 1000 * 1000, info.expiryTime);
 
+        JsonObject payload = (JsonObject) new JsonParser()
+                .parse(io.supertokens.utils.Utils.convertFromBase64(newToken.token.split("\\.")[1]));
+        // This throws if the number is in scientific (E) format
+        assertEquals(expiryTime / 1000, Long.parseLong(payload.get("exp").toString()));
+
         JWT.JWTPreParseInfo jwtInfo = JWT.preParseJWTInfo(newToken.token);
         assertNotNull(jwtInfo.kid);
         assertEquals(jwtInfo.version, AccessToken.getLatestVersion());
@@ -330,6 +341,12 @@ public void inputOutputTestV2() throws Exception {
         assertEquals("value", info.userData.get("key").getAsString());
         assertEquals("antiCsrfToken", info.antiCsrfToken);
         assertEquals(expiryTime, info.expiryTime);
+
+        JsonObject payload = (JsonObject) new JsonParser()
+                .parse(io.supertokens.utils.Utils.convertFromBase64(newToken.token.split("\\.")[1]));
+        // This throws if the number is in scientific (E) format
+        assertEquals(expiryTime, Long.parseLong(payload.get("expiryTime").toString()));
+
         process.kill();
     }
 
@@ -355,6 +372,12 @@ public void inputOutputTestv1() throws InterruptedException, InvalidKeyException
         assertEquals("parentRefreshTokenHash1", info.parentRefreshTokenHash1);
         assertEquals("value", info.userData.get("key").getAsString());
         assertEquals("antiCsrfToken", info.antiCsrfToken);
+
+        JsonObject payload = (JsonObject) new JsonParser()
+                .parse(io.supertokens.utils.Utils.convertFromBase64(newToken.token.split("\\.")[1]));
+        // This throws if the number is in scientific (E) format
+        Long.parseLong(payload.get("expiryTime").toString());
+
         process.kill();
     }
-Original file line number
+Diff line change
@@ Expand Up / @@ -19,7 +19,7 @@ compileTestJava { options.encoding = "UTF-8" } @@
     //    }
     //}
-    version = "6.0.8"
+    version = "6.0.9"
     repositories {
@@ Expand Down @@