I didn't spend a lot of time on this, but I got it working by scoping global variables in the CFCs.

Also it might be worth noting that real-world examples would likely require quotes around the payload properties.

Hit me up if you're interested in knowing what I did. Otherwise, if this project isn't really needed anymore and a different library would be better, adding that to the docs would be great.

I'm working with an authentication system that has given me a x509 certificate for the public key and when I try to decode the token using this library, I get this error: "Invalid RSA public key encoding."
I am able to successfully validate the signature on the jwt.io decoder so I'm pretty sure it's not a problem with the tokens or the certificate, but rather something in the Java being used by Coldfusion. I've tried tweaking it as much as I know how and I've gotten nowhere. Do you have any suggestions?

I'm pretty sure my code should work:
<cfset jwt = new lib.JsonWebTokens()>
<cfset payload = jwt.decode( token, "RS256", "#certString#" )>
Or am I missing something?
Thanks!

Hello,

I ported the code to an old version of CFML. I don't know if you face this problem, but the padding function was broken :

	function convertToBase64( input ) {
		input = replace( input, "-", "+", "all" );
		input = replace( input, "_", "/", "all" );
		var paddingLength = ( 4 - ( len( input ) mod 4 ) );
		return( input & repeatString( "=", paddingLength ) );
	}

When the input length is a multiple of 4, the modulo yields 0, so 4 - 0 yields 4, and we have a useless padding ==== added to the string.

If figured out with this simple payload : 'payload' (i.e. the simple word "payload" as a string. The JSON version ("payload") will be transformed to "payload when decoding (so there is a missing quote), and the JSON unserialize will just yield null.

I'm not 100% sure wether this behaviour is because of the unwanted padding, but the problem disappears with this dumb version of the function :

	function convertToBase64( input ) {
		input = replace( input, "-", "+", "all" );
		input = replace( input, "_", "/", "all" );
		switch(len( input ) mod 4) {
			case 1: return input & '===';
			case 2: return input & '==';
			case 3: return input & '=';
			default: return input;
		}
	}

I will not make a pull request because of the old version of the code we are using and because I'm not sure of what is the deep truth about this :)

Cheers.

I've tested this lib with google api JWT, but I got error:

can't decode the base64 input string [notasecret], because the input 
string has an invalid length

notasecret is the default password for google Jwt. The error is probably due to Base64url encoding.

Something like this:

reReplace(reReplace(reReplace(str, "\+", "-", "all"), "\/", "_", "all"),"=", "", "all")

could resolve the issue.

Here are some reference: https://developers.google.com/identity/protocols/OAuth2ServiceAccount