private Claims extractAllClaims(String token){ return Jwts .parser() .verifyWith(getSignInKey()) .build() .parseSignedClaims(token) .getPayload(); } private Foo extractFoo(String token){ Claims claims = extractAllClaims(token); return claims.getFoo(); } private Bar extractBar(String token){ Claims claims = extractAllClaims(token); return claims.getBar(); } Is the code above or below good practice to extract data and why? Thanks for your contribute! private Date extractFoo(String token){ […]

Found blocking call. I found Blocking call by BlockHound in my spring webflux app. I know that jjwt uses SecureRandom to make jwt id(jti) in default. Here is my stack traces. reactor.blockhound.BlockingOperationError: Blocking call! java.io.FileInputStream#readBytes at java.base/java.io.FileInputStream.readBytes(FileInputStream.java) ~[na:na] Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: Error has been observed at the following site(s): checkpoint ⇢ Handler tokenserver.infrastructure.adapter.driving.web.auth.AuthController#issueAccessToken(IssueToken Request) [DispatcherHandler] checkpoint […]

I am trying to upgrade this library https://github.com/jwtk/jjwt to 0.12.5.
My problem is that after the upgrade I can’t parse the jwt token without the signature key (I know what I’m doing, I really should do it, I don’t have the signature key, etc)