JWT authorization token too long #3

Open
SamdevQ opened this issue Oct 24, 2021 · 3 comments

SamdevQ commented Oct 24, 2021

I've gotten the server and client apps running but when I try to make a request, the JWT token which comes from the local server's /token endpoint is apparently too many characters (which doesn't make sense as it's a valid JWT token from what I can tell and just as many characters as it needs to be).

Specifically, I get an HTTP 400 error with this response:

{"code":"400","description":"prepareTransactionRequest.authorization: size must be between 0 and 1024, prepareTransactionRequest.authorization: must match \"^Bearer [A-Za-z0-9\\-_. ]{1,1024}$\"","category":"Constraint Violations"}

My request (managed by the client app) contains the Authorization header as I would expect.

authorization: Bearer eyJ...[token redacted]

The URL this is hitting is https://api.sandbox.overledger.io/v2/preparation/transaction. Is that perhaps wrong? Should I not be hitting overledger.io and instead pointing to something local?

The token and the "Bearer " prefix are in fact 1061 characters (37 over the apparent 1024 limit), but that's not avoidable if the token is to be used in its entirety.


SamdevQ commented Oct 26, 2021

One other note: if I use an old token, I get a 401 with the message:

{"message":"The incoming token has expired"}

This is understandable, as the token did likely expire, but it seems the token is being processed prior to the constraint check, which may not be desirable. When I use a new token, the same issue in the first post persists.
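
Added example, not part of the original thread or the project's code: a JavaScript sketch that applies the two constraints from the 400 response (total header size and the `Bearer` pattern) before reading the token's `exp` claim, which is the ordering the comment above suggests. The function names, the `malformed token` response and the sample tokens are assumptions constructed for illustration; signature verification is omitted.

```javascript
// Constraints copied from the 400 response quoted in the issue.
const MAX_HEADER_LEN = 1024;
const HEADER_PATTERN = /^Bearer [A-Za-z0-9\-_. ]{1,1024}$/;

// Cheap checks on the raw header string; nothing is decoded here.
function constraintViolations(header) {
  const violations = [];
  if (header.length > MAX_HEADER_LEN) {
    violations.push(`size must be between 0 and ${MAX_HEADER_LEN}`);
  }
  if (!HEADER_PATTERN.test(header)) {
    violations.push(`must match "${HEADER_PATTERN.source}"`);
  }
  return violations;
}

// Reads exp from the unverified payload. Signature verification is out of
// scope for this sketch and must happen before any claim is trusted.
function isExpired(header, nowSeconds) {
  const payload = header.slice('Bearer '.length).split('.')[1] || '';
  const b64 = payload.replace(/-/g, '+').replace(/_/g, '/');
  const { exp } = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  return typeof exp === 'number' && exp <= nowSeconds;
}

// Hypothetical ordering: bound the input first, parse the token second.
function checkAuthorization(header, nowSeconds) {
  const violations = constraintViolations(header);
  if (violations.length > 0) return { status: 400, violations };
  try {
    if (isExpired(header, nowSeconds)) {
      return { status: 401, message: 'The incoming token has expired' };
    }
  } catch (err) {
    return { status: 401, message: 'malformed token' }; // assumed response
  }
  return { status: 200 };
}

// Constructed sample token: fake signature, padded payload to control length.
function sampleHeader(exp, padLength) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const payload = { sub: 'constructed-user', exp, pad: 'x'.repeat(padLength) };
  return `Bearer ${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.${'s'.repeat(342)}`;
}
```

A 1061-character header like the one in the first post trips both constraints, because the token part alone (1054 characters) exceeds the pattern's 1024 limit; a header of 1025 to 1031 characters would trip only the size check.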

@lukerQuant

Hi @SamdevQ, in a recent version we added validation on the token length. This validation was too short in a small number of cases. We have since x4ed this validation length and released this with 2.1.3 OVL. Please check again.


SamdevQ commented Nov 30, 2021

I'll try testing things out again, thanks! I got sidetracked from looking into this; it sounds like that should fix it, though.
