Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Fix: handle IllegalArgumentException when not base64 encoded #12955

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix: handle IllegalArgumentException when not base64 encoded #12955

wants to merge 1 commit into from

Conversation

regadas
Copy link
Contributor

@regadas regadas commented May 2, 2025

Handle the potential case of token part not being b64 encoded.

In my case dealing with GCP bearer token for SA they have an extra part ie y29a.c.ABCDEF which passes the previous if condition and reaching this point.

@github-actions github-actions bot added the core label May 2, 2025
@regadas regadas force-pushed the fix/handle-non-b64-token branch from 9b48ef9 to 6d5e7eb Compare May 3, 2025 09:23
singhpk234
singhpk234 reviewed May 3, 2025
View reviewed changes
Copy link
Contributor

@singhpk234 singhpk234 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you know when it is not base64 encoded ? wondering if this is the right handling or if we should throw an IllegalStateException or something

@regadas
Copy link
Contributor Author

regadas commented May 4, 2025

do you know when it is not base64 encoded ? wondering if this is the right handling or if we should throw an IllegalStateException or something

Hi @singhpk234 Thanks for taking a look!

so GCP bearer access tokens are opaque and not base64 encoded, so it's not possible to extract the expire time from them.

For user bearer tokens things work because they are only composed by 2 parts, they are prefixed with only ya29 but for service accounts they have ya29.c which leads to this issue, where I need to catch the IllegalArgumentException otherwise I can't pass the token to the server.

As is, expiresAtMillis extracting logic only makes sense for JWT tokens and it returns null when it fails do decode the payload , IOException, so catching the IllegalArgumentException thrown by the Base64 decoder also makes sense to me and should be ok.

let me know

singhpk234
singhpk234 approved these changes May 7, 2025
View reviewed changes
Copy link
Contributor

@singhpk234 singhpk234 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM as this is just an additional kind of exception that we can expect from the base64 decode !

Thanks @regadas !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@singhpk234 singhpk234 singhpk234 approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
core
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@regadas @singhpk234