Nice one.
Yes, this is a very narrow case, but it can happen.
The regex /eyJ./ matches the first block (4 chars) of base64 output for any string beginning with /{"[a-zA-Z]/ - that is, any JSON object with a key/name starting with an alpha char.
If the JSON object has a first key/name as a quoted numeric value (e.g. {"1":"one","2":"two"}), then the base64 value will match regex /eyI./
I have never seen this myself, but changing the regex of the JSON base64 sections to the following would be wise to cover those edge cases (while minimising false positives): /ey[IJ][A-Za-z0-9_\/+-]*/
So: /ey[IJ][A-Za-z0-9_\/+-]*\.ey[IJ][A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*/
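The edge case described in the comment above, as an added example that is not part of the thread or the project's code: it shows why a numeric first key turns the section prefix from `eyJ` into `eyI`, and runs both patterns over constructed tokens. The project's actual 2.2.5 regex is not shown on this page, so `SECTION_NARROW` is an assumption built from the `eyJ` prefix the comment mentions; all function names are hypothetical.

```python
import base64
import json
import re

# Assumption: the narrow pattern has the same shape as the widened one, with a fixed eyJ prefix.
SECTION_NARROW = r"eyJ[A-Za-z0-9_\/+-]*"
SECTION_WIDE = r"ey[IJ][A-Za-z0-9_\/+-]*"   # section pattern proposed in the comment
SIGNATURE = r"[A-Za-z0-9._\/+-]*"           # signature part of the proposed full regex
B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"


def third_char(first_key_char: str) -> str:
    """Third base64 char of '{"' + c: low 4 bits of '"' (0x22), then top 2 bits of c."""
    return B64URL[((0x22 & 0x0F) << 2) | (ord(first_key_char) >> 6)]


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_token(header: dict, payload: dict) -> str:
    """Build a constructed sample token; the signature is a dummy value."""
    parts = [b64url(json.dumps(o, separators=(",", ":")).encode()) for o in (header, payload)]
    return ".".join(parts + [b64url(b"constructed-signature")])


def find_jwt(text: str, section: str):
    """Return the first JWT-shaped match in text for the given section pattern, or None."""
    match = re.search(rf"{section}\.{section}\.{SIGNATURE}", text)
    return match.group(0) if match else None


# Constructed samples: same header, payload first key alphabetic vs. quoted numeric.
HEADER = {"alg": "HS256", "typ": "JWT"}
ALPHA_TOKEN = make_token(HEADER, {"sub": "1234"})
NUMERIC_TOKEN = make_token(HEADER, {"1": "one", "2": "two"})

if __name__ == "__main__":
    for name, token in (("alpha key", ALPHA_TOKEN), ("numeric key", NUMERIC_TOKEN)):
        request = f"Cookie: session={token}; Path=/"   # constructed input line
        print(name, "payload prefix:", token.split(".")[1][:3])
        print("  narrow:", find_jwt(request, SECTION_NARROW) is not None)
        print("  wide:  ", find_jwt(request, SECTION_WIDE) is not None)
```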
In the latest version (2.2.5) the regex to find the JWT token is set to the following. However, the payload of the token I was about to test started with `eyI`. This didn't match the regex and resulted in `Cannot find a valid JWT`. Modifying all regexes in the code to the following resolved my issue.