Make DecodedJWT serializable

[skjolber]

Description

I was about to pass the DecodedJWT to a subclass of the Serializable Spring Authentication (via AbstractAuthenticationToken), but then noticed it is not serializable.

Making DecodedJWT implement serializable would be helpful.

Reproduction

The storage field must be marked as transient to pass code quality checks.

Environment

Latest version.

[jimmyjames]

Hi @skjolber, I think this is a reasonable request and use case; we will look into adding serialization support to DecodedJWT.

[jimmyjames]

@skjolber Serialization added in PR #370. I verified it is able to serialize it as a field in a Spring Authentication subclass, but if you'd like to try and verify as well please feel free to. We'll target getting this merged next week unless you have feedback sooner. Thanks!

[skjolber]

@jimmyjames thanks, the PR looks good to me.

[jimmyjames]

Fixed by #370, available in version 3.9.0.

[JorisHeadease]

Hi all,

Thanks a lot for this fix @jimmyjames!

I was wondering if it's possible to mark the DecodedJWT itself as serializable as such:
public interface DecodedJWT extends Payload, Header, Serializable

This would be nice as the DecodedJWT is the public facing entity being scanned by code quality systems (SonarQube in our case). I still get the following warning on version 3.10.1: "Make "jwt" transient or serializable." Other than that, I feel a DecodedJWT should always be serializable, even if more classes implement the interface.

Thanks in advance!