Closed
Description
Issue and Steps to Reproduce
The parseJwt() function fails to parse some JWTs (with multiple occurrences of '-' or '_').
https://github.com/AxaFrance/oidc-client/blob/main/packages/oidc-client/src/parseTokens.ts#L5C76-L5C112 and https://github.com/AxaFrance/oidc-client/blob/main/packages/oidc-client-service-worker/src/utils/tokens.ts#L15C41-L15C77
.replace('-', '+').replace('_', '/')
replace() with a string as its first param only replaces the first occurrence.
Use
.replace(/-/g, '+').replace(/_/g, '/')
instead.
Example:
claimsPart = "eyJzZXNzaW9uX3N0YXRlIjoiNzVjYzVlZDItZGYyZC00NTY5LWJmYzUtMThhOThlNjhiZTExIiwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoixrTHosOBw6zDhyDlsI_lkI0t44Ob44Or44OYIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdGluZ2NoYXJhY3RlcnNAaW52ZW50ZWRtYWlsLmNvbSIsImdpdmVuX25hbWUiOiLGtMeiw4HDrMOHIiwiZmFtaWx5X25hbWUiOiLlsI_lkI0t44Ob44Or44OYIn0"
atob(claimsPart.replace('-', '+').replace('_', '/'))
throws error, while
atob(claimsPart.replace(/-/g, '+').replace(/_/g, '/'))
can be decoded to
{"session_state":"75cc5ed2-df2d-4569-bfc5-18a98e68be11","scope":"openid email profile","email_verified":true,"name":"Æ´Ç¢Ã\u0081ìÃ\u0087 å°\u008få\u0090\u008d-ã\u0083\u009bã\u0083«ã\u0083\u0098","preferred_username":"testingcharacters@inventedmail.com","given_name":"Æ´Ç¢Ã\u0081ìÃ\u0087","family_name":"å°\u008få\u0090\u008d-ã\u0083\u009bã\u0083«ã\u0083\u0098"}
Versions
main branch.
Screenshots
Expected
JWT can be decoded properly
Actual
JWT cannot be decoded, but function throws error.
Additional Details
- Installed packages:
guillaume-chervet
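Added example, not part of the issue and not the oidc-client code: the first-match-only conversion from the report beside a global one, run on a constructed claims segment with two '_' and two '-'. It goes slightly beyond the report by restoring '=' padding and decoding the bytes as UTF-8; all function names and the sample segment are assumptions made for illustration.

```javascript
// Constructed sample: base64url of {"name":"\u30ff\u30fe\u30ff\u30fe"}.
// Each of these katakana code points encodes to a group ending in '_' or '-'.
const CONSTRUCTED_SEGMENT = 'eyJuYW1lIjoi44O_44O-44O_44O-In0';

// Form reported in the issue: a string pattern replaces only the first match,
// so any later '-' or '_' reaches atob() unchanged and is rejected.
function base64UrlToBase64FirstOnly(input) {
  return input.replace('-', '+').replace('_', '/');
}

// Global regexes convert every occurrence; base64url also drops '=' padding,
// so restore it to a multiple of four characters.
function base64UrlToBase64(input) {
  const base64 = input.replace(/-/g, '+').replace(/_/g, '/');
  const remainder = base64.length % 4;
  if (remainder === 1) {
    throw new Error('invalid base64url length');
  }
  return remainder === 0 ? base64 : base64 + '='.repeat(4 - remainder);
}

// Decode a JWT claims segment to an object. atob() returns one character per
// byte, so the bytes are re-read as UTF-8 to keep non-ASCII claims intact.
// This only parses the claims; it does not verify the token's signature.
function decodeClaims(segment, toBase64 = base64UrlToBase64) {
  const binary = atob(toBase64(segment));
  const bytes = Uint8Array.from(binary, (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Returns true when decoding throws, false when it succeeds.
function decodeFails(segment, toBase64) {
  try {
    decodeClaims(segment, toBase64);
    return false;
  } catch (err) {
    return true;
  }
}

console.log('first-only fails:', decodeFails(CONSTRUCTED_SEGMENT, base64UrlToBase64FirstOnly));
console.log('global decodes:', decodeClaims(CONSTRUCTED_SEGMENT));
```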