Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sign: add check to be sure secret has a value #374

Merged
merged 1 commit into from
Aug 4, 2017

Conversation

ziluvatar
Copy link
Contributor

Lately there are more people raising this, not big deal but it can be weird and create confusion. We fix it in our layer, since the bug in JWS is still open.

In case of sync call, with current master code this error is returned: TypeError: secret must be a string or buffer.
With this PR both will return the same error Error: secretOrPrivateKey must have a value, I don't think the change would break anyone, because if someone got that error their integration would not be working at all.

Fixes: #286
Fixes: #373

@jfromaniello jfromaniello merged commit c6a7026 into auth0:master Aug 4, 2017
@ziluvatar ziluvatar deleted the add-check-for-empty-secrets branch August 9, 2017 14:47
@rhysmccaig
Copy link

This breaks the use of the none algorithm.

@nguilford
Copy link

@rhysmccaig The workaround is to pass in a non-zero length string. Not ideal behavior, but it unblocks you when using none algo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Signing with undefined secret never gets resolved Undefined private keys
5 participants