Summary

JwtReactiveAuthenticationManager does not handle third-party library error messages that are not suitable for RFC 6750's error message charset.

Actual Behavior

An invalid/poorly structured token causes an assertion to be thrown internally within BearerTokenError, causing the framework to break out of normal authentication exception handling, ultimately causing a 500 error to the client.

Expected Behavior

Considering the JWT authentication manager takes the decoder as a strategy, it cannot guarantee that any error messages produced will conform to RFC 6750's error message charset, so it should handle them accordingly. See JwtAuthenticationProvider for an example of appropriate handling.

Configuration

Version

Spring Boot 2.2.0, Spring 5.2.0

Sample

Comment From: scoavadev

Thank you!
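
Added example (not part of the original issue and not Spring Security's own code): one way to do the handling the report asks for is to check a decoder's message against the error_description character set in RFC 6750 section 3 and substitute a generic message when it does not conform, so the failure is still reported as an authentication error. The class name, method names, fallback wording and sample messages are assumptions constructed for illustration.

```java
public class Rfc6750ErrorDescription {

    // Generic replacement text; the wording is an assumption of this example.
    static final String FALLBACK = "Invalid token";

    // RFC 6750 section 3: error_description MUST NOT include characters
    // outside %x20-21 / %x23-5B / %x5D-7E (no '"', no '\', no controls, no non-ASCII).
    static boolean isValid(String description) {
        if (description == null) {
            return false;
        }
        for (int i = 0; i < description.length(); i++) {
            char c = description.charAt(i);
            boolean allowed = (c >= 0x20 && c <= 0x21)
                    || (c >= 0x23 && c <= 0x5B)
                    || (c >= 0x5D && c <= 0x7E);
            if (!allowed) {
                return false;
            }
        }
        return true;
    }

    // Keep the decoder's message only when it is safe to place in the header.
    static String safeDescription(String decoderMessage) {
        return isValid(decoderMessage) ? decoderMessage : FALLBACK;
    }

    // Build the WWW-Authenticate challenge for a rejected bearer token.
    static String challenge(String decoderMessage) {
        return "Bearer error=\"invalid_token\", error_description=\""
                + safeDescription(decoderMessage) + "\"";
    }

    public static void main(String[] args) {
        // Constructed decoder messages, not output captured from any real library.
        String[] constructed = {
            "Jwt expired at 2019-10-01T00:00:00Z",      // conforms
            "Malformed payload: \"alg\" missing",       // double quote (0x22)
            "Unexpected token \\ at position 3",        // backslash (0x5C)
            "Token inv\u00e1lido",                      // non-ASCII character
            "line one\r\nline two"                      // control characters
        };
        for (String message : constructed) {
            System.out.println(isValid(message) + " -> " + challenge(message));
        }
    }
}
```

Only the first constructed message is passed through unchanged; the other four are replaced by the fallback, which also keeps quotes and CR/LF from a third-party message out of the response header.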