Summary
NimbusJwtDecoderJwkSupport takes whatever exception message Nimbus sends, wraps it in JwtException and rethrows to the caller.
One of Nimbus's messages, shown when a plain (unsigned) JWT is submitted, is:
Unsecured (plain) JWTs are rejected, extend class to handle
This message reveals too much about the underlying implementation, and Spring Security should have its own message that doesn't refer to the class.
Actual Behavior
When a plain JWT is presented, the exception message mentions classes.
Expected Behavior
When a plain JWT is presented, the exception message should simply state that plain JWTs are not supported.
Version
5.1.0.M2
5.0.7
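One way to get the expected behavior, as an added example that is not Spring Security's own code or its eventual fix: classify the token with Nimbus's `JWTParser` before any signature processing and throw a `JwtException` with a library-neutral message. The class name `PlainJwtGuard`, its method and both message strings are hypothetical.

```java
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.PlainJWT;
import org.springframework.security.oauth2.jwt.JwtException;

import java.text.ParseException;

/** Hypothetical helper (not a Spring Security class): rejects plain JWTs with a neutral message. */
public final class PlainJwtGuard {

    // Caller-facing messages: no library class names, no hint about extension points.
    static final String PLAIN_JWT_MESSAGE = "Unsecured (plain) JWTs are not supported";
    static final String MALFORMED_MESSAGE = "Malformed token";

    private PlainJwtGuard() {
    }

    /** Parses the compact token and returns it only if it is not a plain (alg "none") JWT. */
    public static JWT requireSecured(String token) {
        JWT jwt;
        try {
            jwt = JWTParser.parse(token);
        } catch (ParseException ex) {
            // The library's text survives only as the cause, for server-side logs.
            // Error handlers must not serialize the cause chain into the response.
            throw new JwtException(MALFORMED_MESSAGE, ex);
        }
        if (jwt instanceof PlainJWT) {
            // Decided here, so Nimbus's "extend class to handle" text is never produced.
            throw new JwtException(PLAIN_JWT_MESSAGE);
        }
        return jwt;
    }

    public static void main(String[] args) {
        // Constructed sample: header {"alg":"none"}, payload {"sub":"demo"}, empty signature part.
        String plain = "eyJhbGciOiJub25lIn0.eyJzdWIiOiJkZW1vIn0.";
        try {
            requireSecured(plain);
        } catch (JwtException ex) {
            System.out.println(ex.getMessage());
        }
    }
}
```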