Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT.encode method breaking changes #249

Closed
msxavi opened this issue Dec 1, 2017 · 7 comments
Closed

JWT.encode method breaking changes #249

msxavi opened this issue Dec 1, 2017 · 7 comments
Labels
discussion

Comments

@msxavi
Copy link

msxavi commented Dec 1, 2017

Hi guys,

I think you have introduced breaking changes somewhere along the path within a patch upgrade instead of a major version because I've got version 1.5.1, where JWT.encode method works with string:

JWT.encode("host", ENV['SECRET'])

And after updating to 1.5.6 the same method with string "host" raises:

JSON::GeneratorError: only generation of JSON objects or arrays allowed
from /Users/me/.rvm/gems/ruby-2.3.5/gems/json-1.8.6/lib/json/common.rb:223:in `generate'

I'd rather have all bugfixes done until version 1.5.6, but with no breaking changes such the aforementioned. Is there anything you can do?
@excpt
Copy link
Member

excpt commented Dec 1, 2017

@msxavi I am aware of that problem. IMHO: Rewinding it would cause more trouble.

Is it possible to test your code against the latest 2.1.0 release of ruby-jwt?

This string payload issue was tackeled in #236.

Release notes: https://github.com/jwt/ruby-jwt/releases/tag/v2.1.0

@excpt
Copy link
Member

excpt commented Jan 9, 2018

@msxavi Any updates on this issue?

@msxavi
Copy link
Author

msxavi commented Jan 10, 2018

@excpt updating ruby-jwt will consequently update json as well and this is leading us to greater updates as the dependencies are many. Still thinking over.

@excpt
Copy link
Member

excpt commented Mar 22, 2018

@msxavi Is this still an issue? Did an update of json work for your use-case?

@NCCastillo
Copy link

@excpt hopefully this confirms a fix and sheds more light for anyone else who stumbles upon this.

I had the same issue where JWT.encode would fail on encode for String. I was able to upgrade JWT to 2.1.0 but I was still receiving JSON::GeneratorError: only generation of JSON objects or arrays allowed.

After investigating further I notice the version of the json gem I was using was 1.8.6. I was able to upgrade the json gem to the latest version (2.1.0) and the problem is now resolved.

In rails/ruby console:

# latest version of json gem (2.1.0)
JSON.generate("test")
#  => "\"test\""

# json gem version  1.8.6
JSON.generate("test")
# =>JSON::GeneratorError: only generation of JSON objects or arrays allowed

@d3v-null
Copy link

Hi there!
Another potential solution is to modify lib/jwt/json.rb and replace

        ::JSON.generate(data)

with

        ::JSON.generate(data, { quirks_mode: true })

If the maintainers are happy with this approach, I'd be happy to submit a pull request!

@anakinj
Copy link
Member

anakinj commented Oct 6, 2022

Closing as a stale issue. I think we do not want to introduce any quirks on the JSON parsing. The JWT RFC is pretty clear on that the payload needs to be a valid JSON object.

@anakinj anakinj closed this as completed Oct 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@excpt @anakinj @d3v-null @NCCastillo @msxavi