Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Preserve insertion order for claims #656

Merged
merged 4 commits into from
Mar 27, 2023
Merged

Conversation

snago
Copy link
Contributor

@snago snago commented Mar 25, 2023

Changes

Please describe both what is changing and why this is important. Include:

Make header and payload fields in the resulting JWT have the same order as they were added to the JWTCreator.Builder.
When looking at a decoded JWT it's easier to see if all expected claims are included when they aren't scrambled.

  • Endpoints added, deleted, deprecated, or changed
  • Classes and methods added, deleted, deprecated, or changed

Very small change, only changed HashMap to LinkedHashMap for headerClaims and payloadClaims in JWTCreator.Builder.

  • Any alternative designs or approaches considered

A more complicated variant could allow selection of different orderings, e.g. scrambled (current), insertion order (this) and alphabetically sorted (e.g. by using TreeMap).

  • Screenshots of new or changed UI, if applicable
  • A summary of usage if this is a new feature or change to a public API (this should also be added to relevant documentation once released)

Order was unspecified before (since HashMap was used), now it's deterministic.

References

Please include relevant links supporting this change such as a:

  • support ticket
  • community post
  • StackOverflow post
  • support forum thread

None that I know of.

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

  • This change adds test coverage (or at least doesn't reduce coverage)
  • This change has been tested on the latest version of Java or why not

I've added a test that verifies that both header and payload claims are in insertion order.
The test doesn't care about where any other header fields are inserted, such as alg or typ (they will be last since they're added in the sign method).

Checklist

@snago snago requested a review from a team as a code owner March 25, 2023 13:04
jimmyjames
jimmyjames previously approved these changes Mar 27, 2023
Copy link
Contributor

@jimmyjames jimmyjames left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 nice change, thanks!

@snago
Copy link
Contributor Author

snago commented Mar 27, 2023

Oh, there's some interaction with the other PR that was just merged.
I'll take a look at that and make sure that order is preserved for the new JSON-string methods as well...

@snago
Copy link
Contributor Author

snago commented Mar 27, 2023

Fixed! All that was needed was to use LinkedHashMap in those methods as well.
I made the unit test check the result of JSON claims as well, in both header and payload.

@snago snago requested a review from jimmyjames March 27, 2023 15:49
@jimmyjames jimmyjames merged commit e85a00a into auth0:master Mar 27, 2023
@jimmyjames jimmyjames mentioned this pull request Mar 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants