Not allowed null values in Map

[yeDor]

Describe the problem

For not clear reasons library do not accept null values in maps. Check can be found in com.auth0.jwt.JWTCreator.Builder#validateClaim(java.util.Map).
Having payload = {"meta": null,"products": [{"metaInMap": null}]} following code

    Map payloadMap = mapper.readValue(payload, Map.class);
    return JWT.create()
              .withPayload(payloadMap)
              .sign(Algorithm.HMAC256("secret"));

will cause an exception:

java.lang.IllegalArgumentException: Claim values must only be of types Map, List, Boolean, Integer, Long, Double, String and Date
        at com.auth0.jwt.JWTCreator$Builder.withPayload(JWTCreator.java:383) ~[java-jwt-3.18.1.jar:3.18.1]
        at de.profiforms.license.jwt.JwtUtils.sign(JwtUtils.java:46) ~[classes/:?]

Note: meta -> null is ok, but metaInMap -> null produces an exception

What was the expected behavior?

Maps can contain nulls without causing exceptions.

Environment

• Version of this library used: 3.18.1
• Version of Java used: jdk-14.0.2
• Other modules/plugins/libraries that might be involved: com.fasterxml.jackson.core:jackson-databind:2.12.4

[jimmyjames]

You are correct; our null-handling is a bit inconsistent throughout, and is something we should handle consistently. @lbalmaceda do you have the history for why we do not allow null claim values for maps, but do for lists?

[lbalmaceda]

@jimmyjames I don't remember why we made that decision but I see that what @yeDor is seeing is documented correctly

java-jwt/lib/src/main/java/com/auth0/jwt/JWTCreator.java

Lines 365 to 366 in 364bf59

	* {@linkplain String} and {@linkplain Date}. {@linkplain Map}s cannot contain null keys or values.
	* {@linkplain List}s can contain null elements.

I do remember that we decided that when a claim's value was null, we deleted/removed that claim from the JWT we output, instead of adding it with a null value. If that's not the case and the claim meta (a list/array in the example above) is being included even when having a null value, we might need to revisit why it's like that in this withPayload method.

Also, beware that changing these things could imply a breaking change in behavior.

[whichperson]

Hello, could you please allow null values in a Map, again? I understand the reasoning behind not allowing null keys but it isn't very useful for the values. This issue is really preventing me from using your library because I have custom subject claims that have an object with null values. I don't want to remove it from the map, I need it to be there for the frontend. For example:

hotel: {
    id: 1
    name: Trivago
    availableRooms: null
}

Thank you.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response for our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️

[jimmyjames]

We will be consistently handling null claim values in v4; see #564 for reference. Thanks!

[poovamraj]

Hello 👋

We have fixed this behaviour in our latest v4.0.0-beta.0 release. We will close this issue now. Please try the new release and provide your feedback. Please note that there are changes in the library's behaviour in the new major and check out our Migration Guide to migrate your library.