Reputation: 483
JWTClaimsSet.Builder() and JSONObject - Object inside Verifiable Presentation JWT
I've to create a JWTClaim which has inside a property with a JSON:
exampleClaimJson = {
"nonce":"13234-3234345-34454",
}
In Java I'm building it like this:
JSONObject exampleClaimJson = new JSONObject();
didJson.put("nonce","13234-3234345-34454");
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
.subject(did)
.claim("exampleJson", exampleClaimJson)
.build()
But then inside the JWT the "exampleJson" claim is represented like this:
{
...
"exampleJson": {
"map": {
"nonce":"13234-3234345-34454"
}
}
}
On the other hand if I use
.claim("exampleJson", exampleClaimJson.toString())
Then it turns into:
{
...
"exampleJson": "{\"nonce\":\"13234-3234345-34454\"}"
}
To me none of those look ok, in particular because the structure of the Claim will be verified and must be just a JSON, not with map declarations and not a simple string.
Does anyone know if this is the correct approach in Java? I'm looking at this Building JSON Web Token using JSONObject and JSONArray (from 2015 though..) - what's the difference between the minidev and the java json objects? Is it a normal practice to include different JSON libraries for Java projects?
Upvotes: 0
Views: 1605
Answers (1)
Reputation: 29198
Your code looks right - perhaps there is some kind of library incompatibility? To work with object claims, see the nimbus tests. Here is some working code:
var verifiablePresentationJson = new JSONObject()
verifiablePresentationJson.put("nonce", "13234-3234345-34454")
val did = "did:example:user123"
val claimsSet = new JWTClaimsSet.Builder()
.subject(did)
.claim("verifiablePresentationJson", verifiablePresentationJson)
.build()
System.out.println(claimsSet.toString())
Note that you should be using the following class and not some other implementation:
net.minidev.json.JSONObject
Do so by adding this dependency, in the same way as the nimbus project does:
implementation("net.minidev:json-smart:2.5.0")
Upvotes: 1
Related Questions
- JWT refresh token flow
- Invalidating JSON Web Tokens
- How to use jti claim in a JWT
- How do I get current user in .NET Core Web API (from JWT Token)
- What is the difference between JSON Web Signature (JWS) and JSON Web Token (JWT)?
- Is a Refresh Token really necessary when using JWT token authentication?
- What are the main differences between JWT and OAuth authentication?
- How to store a JWT token inside an HTTP only cookie?
- Decoding and verifying JWT token using System.IdentityModel.Tokens.Jwt
- JWT authentication for ASP.NET Web API