Preserve insertion order for JSON claims

auth0 · Mar 27, 2023 · b8c91b7 · b8c91b7
1 parent d713cec
commit b8c91b7
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 7 deletions.
diff --git a/lib/src/main/java/com/auth0/jwt/JWTCreator.java b/lib/src/main/java/com/auth0/jwt/JWTCreator.java
@@ -112,7 +112,7 @@ public Builder withHeader(String headerClaimsJson) throws IllegalArgumentExcepti
             }
 
             try {
-                Map<String, Object> headerClaims = mapper.readValue(headerClaimsJson, HashMap.class);
+                Map<String, Object> headerClaims = mapper.readValue(headerClaimsJson, LinkedHashMap.class);
                 return withHeader(headerClaims);
             } catch (JsonProcessingException e) {
                 throw new IllegalArgumentException("Invalid header JSON", e);
@@ -508,7 +508,7 @@ public Builder withPayload(String payloadClaimsJson) throws IllegalArgumentExcep
             }
 
             try {
-                Map<String, Object> payloadClaims =  mapper.readValue(payloadClaimsJson, HashMap.class);
+                Map<String, Object> payloadClaims =  mapper.readValue(payloadClaimsJson, LinkedHashMap.class);
                 return withPayload(payloadClaims);
             } catch (JsonProcessingException e) {
                 throw new IllegalArgumentException("Invalid payload JSON", e);

diff --git a/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java b/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java
@@ -3,7 +3,6 @@
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.interfaces.ECDSAKeyProvider;
 import com.auth0.jwt.interfaces.RSAKeyProvider;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import org.junit.Rule;
@@ -974,7 +973,7 @@ public void withPayloadShouldSupportJsonValueWithNestedDataStructure() {
                 .sign(Algorithm.HMAC256("secret"));
 
         assertThat(jwt, is(notNullValue()));
-        String[] parts = jwt.split("\\.");
+        String[] parts = jwt.split("\\.")  ;
         String payloadJson = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
 
         assertThat(payloadJson, JsonMatcher.hasEntry("stringClaim", stringClaim));
@@ -1014,16 +1013,21 @@ public void shouldCreatePayloadWithNullForList() {
 
     @Test
     public void shouldPreserveInsertionOrder() throws Exception {
-        List<String> headerInsertionOrder = new ArrayList<>();
+        String taxonomyJson = "{\"class\": \"mammalia\", \"order\": \"carnivora\", \"family\": \"canidae\", \"genus\": \"vulpes\"}";
+        List<String> taxonomyClaims = Arrays.asList("class", "order", "family", "genus");
+        List<String> headerInsertionOrder = new ArrayList<>(taxonomyClaims);
         Map<String, Object> header = new LinkedHashMap<>();
         for (int i = 0; i < 10; i++) {
             String key = "h" + i;
             header.put(key, "v" + 1);
             headerInsertionOrder.add(key);
         }
 
-        List<String> payloadInsertionOrder = new ArrayList<>();
-        JWTCreator.Builder builder = JWTCreator.init().withHeader(header);
+        List<String> payloadInsertionOrder = new ArrayList<>(taxonomyClaims);
+        JWTCreator.Builder builder = JWTCreator.init()
+                .withHeader(taxonomyJson)
+                .withHeader(header)
+                .withPayload(taxonomyJson);
         for (int i = 0; i < 10; i++) {
             String name = "c" + i;
             builder = builder.withClaim(name, "v" + i);