Merge pull request #796 from finos/fix-jjwt-library

Downgrade JJWT library version

Author: vladokrsymphony

symphony-bdk-bom/build.gradle

@@ -16,7 +16,7 @@ repositories {
 
 dependencies {
     // import Spring Boot's BOM
-    api platform('org.springframework.boot:spring-boot-dependencies:3.2.2')
+    api platform('org.springframework.boot:spring-boot-dependencies:3.2.3')
     // import Jackson's BOM
     api platform('com.fasterxml.jackson:jackson-bom:2.16.0')
     // import Jersey's BOM
@@ -55,7 +55,7 @@ dependencies {
         api 'org.apache.commons:commons-text:1.11.0'
         api 'commons-logging:commons-logging:1.3.0'
         api 'com.brsanthu:migbase64:2.2'
-        api 'io.jsonwebtoken:jjwt:0.12.3'
+        api 'io.jsonwebtoken:jjwt:0.9.1'
         api 'org.bouncycastle:bcpkix-jdk18on:1.77'
         api 'com.google.code.findbugs:jsr305:3.0.2'
 

symphony-bdk-core/src/main/java/com/symphony/bdk/core/auth/jwt/JwtHelper.java

@@ -117,8 +117,8 @@ public static UserClaim validateJwt(String jwt, String certificate) throws AuthI
     final Certificate x509Certificate = parseX509Certificate(certificate);
 
     try {
-      final Claims body = Jwts.parser().verifyWith(x509Certificate.getPublicKey())
-          .build().parseSignedClaims(jwt).getPayload();
+      final Claims body = Jwts.parser().setSigningKey(x509Certificate.getPublicKey())
+        .parseClaimsJws(jwt).getBody();
       return mapper.convertValue(body.get("user"), UserClaim.class);
     } catch (JwtException e) {
       throw new AuthInitializationException("Unable to validate JWT", e);