AsymmetricSignatureVerifier should not use Charset.defaultCharset()

[Marcono1234]

Describe the problem

AsymmetricSignatureVerifier uses the default charset during token validation:

Auth0.Android/auth0/src/main/java/com/auth0/android/provider/AsymmetricSignatureVerifier.java

Line 42 in 5f20b76

byte[] contentBytes = content.getBytes(Charset.defaultCharset());

It should probably instead specify an explicit charset, most likely either StandardCharsets.ISO_8859_1 or StandardCharsets.US_ASCII.

[lbalmaceda]

@Marcono1234 thanks for raising this. We use it to extract UTF-8 content. As per the Android docs, this value is always "UTF-8". A change from the Android OS side would be a breaking change for everyone who depends on it, so it's highly unlikely

Can you expand a bit on the reasons why we shouldn't use the default charset?

[Marcono1234]

Ah you are right. This might not actually a problem then. I created the issue with the Java implementation in mind which does not make such guarantee and therefore using the default charset there is in most cases not a good idea.
Though if your intention is to use UTF-8, then it might be good to make that more explicit by using StandardCharsets.UTF_8. You are targeting API level 21 and that constant exists since API level 19 so you could use it without any issues.

[lbalmaceda]

Sounds good. We used to pass the string name of the charset and that made us try/catch or ignore a runtime exception that would never be thrown (on android at least).

Would you like to send a PR with that change? Note that it might be used in more than one place. e.g. #484