Overview
Allows for an additional layer of security using signed JWT. This plug-in may also be used to integrate with external systems using JWS.
Key Functionality and Features
Uses JWTKs JJWT library: https://github.com/jwtk/jjwt
When using de the jwtdecode function, it works properly, but we see this error in Appian logs.
2023-02-10 09:15:43,868 [Appian AppianServerThreadPoolProvider 6155287] ERROR com.appiancorp.type.handlers.BooleanHandler - Expected 1L or 0L but got: false
Thanks for the feedback, I'll look into updating the library version
Hi,
We are facing some vulnerability issue while scanning this plugin. Kindly help to check.Issue:
jackson-databind before 2.13.0 allows a stack overflow exception and denial of service via a large depth of nested objects.
Thanks in advance!
That worked. Thanks!
I'd be very curious on why named-parameters don't work. Let me know if you get time to look into that.
I think it has something to do with using key-based function call - I'm not sure if this is fully supported by plugin functions.
Can you try using order-based function call shown below?
Thanks
Hey, for some reason I am unable to set reserved keys in the payload, and then when using TokenOptions for jwtverify options it still does not seem to add them:
eyJhbGciOiJIUzI1NiJ9.eyJwYXkiOiJsb2FkIiwiaWF0IjoxNjQ3OTQwNjg1fQ.-deGIDlA2fC3NnBbl3yqLI_ODHgel8QzTfXzpc7aiQg
Any ideas why this is not working?