CDC Issue with SAP Commerce Cloud 2211.24

Recently, when we attempted to upgrade our SAP Commerce Cloud version to 2211.24, we encountered an error in the CDC package: CXCOMIEP221100U_24.

The error occurred during the login process:

Handler dispatch failed; nested exception is java.lang.NoSuchMethodError: ‘io.jsonwebtoken.JwtBuilder io.jsonwebtoken.JwtBuilder.setId(java.lang.String)

"epochSecond":1719840602,"nanoOfSecond":119948605},"thread":"hybrisHTTP10","level":"ERROR","loggerName":"org.springframework.security.oauth2.provider.endpoint.TokenEndpoint","message":"Handling error: NestedServletException, Handler dispatch failed; nested exception is java.lang.NoSuchMethodError: 'io.jsonwebtoken.JwtBuilder io.jsonwebtoken.JwtBuilder.setId(java.lang.String)'","thrown":{"commonElementCount":0,"localizedMessage":"Handler dispatch failed; nested exception is java.lang.NoSuchMethodError: 'io.jsonwebtoken.JwtBuilder io.jsonwebtoken.JwtBuilder.setId(java.lang.String)'","message":"Handler dispatch failed; nested exception is java.lang.NoSuchMethodError: 'io.jsonwebtoken.JwtBuilder io.jsonwebtoken.JwtBuilder.setId(java.lang.String)'","name":"org.springframework.web.util.NestedServletException","cause":{"commonElementCount":94,"localizedMessage":"'io.jsonwebtoken.JwtBuilder io.jsonwebtoken.JwtBuilder.setId(java.lang.String)'","message":"'io.jsonwebtoken.JwtBuilder io.jsonwebtoken.JwtBuilder.setId(java.lang.String)'","name":"java.lang.NoSuchMethodError","extendedStackTrace":[{"class":"com.gigya.auth.GSAuthRequestUtils","method":"composeJwt","file":"GSAuthRequestUtils.java","line":169,"exact":false,"location":"gigya-java-sdk-auth-1.0.0.jar","version":"?"},{"class":"com.gigya.auth.GSAuthRequest","method":"signRequest","file":"GSAuthRequest.java","line":23,"exact":false,"location":"gigya-java-sdk-auth-1.0.0.jar","version":"?"},{"class":"com.gigya.socialize.GSRequest","method":"sendRequest","line":-1,"exact":false,"location":"gigya-java-sdk-3.2.3.jar","version":"3.2.3"},{"class":"com.gigya.socialize.GSRequest","method":"send","line":-1,"exact":false,"location":"gigya-java-sdk-3.2.3.jar","version":"3.2.3"},{"class":"com.gigya.socialize.GSRequest","method":"send","line":-1,"exact":false,"location":"gigya-java-sdk-3.2.3.jar","version":"3.2.3"},{"class":"de.hybris.platform.gigya.gigyaservices.service.impl.DefaultGigyaService","method":"callRawGigyaApiWithConfigAndObject","file":"DefaultGigyaService.java","line":104,"exact":false,"location":"gigyaservicesserver.jar","version":"?"},{"class":"de.hybris.platform.gigya.gigyaservices.service.impl.DefaultGigyaService","method":"callRawGigyaApiWithConfig","file":"DefaultGigyaService.java","line":42,"exact":false,"location":"gigyaservicesserver.jar","version":"?"},{"class":"de.hybris.platform.gigya.gigyaservices.login.impl.DefaultGigyaLoginService","method":"verifyGigyaCallApiUser","file":"DefaultGigyaLoginService.java","line":247,"exact":false,"location":"gigyaservicesserver.jar","version":"?"},m

This issue occurs because the jwt libraries were upgraded from version 0.11.5.jar to 0.12.5.jar.

In the new version, the setId method is declared only in the base interface ClaimsMutator.java (deprecated) and not in JwtBuilder.java. Instead, a new method T id(String var1) is introduced for this purpose.

However, the CDC packages were compiled using the old version, where it still looks for setId instead of usingid.

To resolve the issue we can empty the field Customer Data Cloud Private Key from SAP Customer Data Cloud Configuration in backoffice:

This resolves the issue because when we leave the Private Key empty, the gigyaUserSecret is used for signing instead of gigyaPrivateKey. Additionally, GSRequest.java is used instead of GSAuthRequest.java, which can be verified in DefaultGigyaService.callRawGigyaApiWithConfigAndObject

This way, the problematic code is not called at all.

I hope this helps others to overcome the issue.