-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JWT Invalid #56
Comments
Hello. This appears to be same issue as #54. So I can confirm could you please supply a minimal program to reproduce this issue? |
Thanks a lot for your answer, doesn't look good 😢 |
@marsouin the thing is, I can't quite work out why it's failing with Like I said, can you give me a minimal program that demonstrates how you are attempting to validate the JWT? Here is another suggestion in relation to the |
@frasertweedale right, sorry, I'm terrible at Haskell is the thing. I'm going to try your suggestion and or find someone here who could help me write a minimal program. |
@marsouin cheers (FYI I am in UTC+10). BTW, you are not terrible at Haskell, you are a new learner :) Enjoy the ride. |
@frasertweedale oh well, that might be tomorrow for you then haha. |
I've just gotten rid of the x5t & x5c parameters and got the next error, which is JWTNotInAudience. But I guess that's more of a postgrest issue ;) |
@marsouin you have to set the audience predicate in the JWT validation settings to test See the let config = defaultJWTValidationSettings (== "bob") If you don't care at all you can just set the predicate to |
@marsouin what is the outcome? Shall I close this issue? |
I ended up verifying the audience perfectly, you can close this! |
Glad to hear. Thanks! |
Hi, I have a JWT and JWK issued by Auth0 that get a systematic JWSError JWSInvalidSignature on validation.
Here's a sample JWT
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlJEWTVSVEpFTVRReFF6WTBPVFkzT0VORk1UUXpPVEU1UXpORFFVSTBNVVl4UkRnMU5VUXdSUSJ9.eyJpc3MiOiJodHRwczovL2xvYmJ5Y2l0b3llbi5ldS5hdXRoMC5jb20vIiwic3ViIjoibFptdTQzdDJXQjBrWm1sQzV3ZmxoTVVQOFY3bzlNemRAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vd3d3LmxvYmJ5LWNpdG95ZW4tYXBpLWF1dGguZnIvIiwiZXhwIjoxNTA2NDk5ODExLCJpYXQiOjE1MDY0MTM0MTEsInNjb3BlIjoiIn0.NxFEQy_vhFR_zjkNqq8wkCmdhs8sdyiB4SNuh3sKDwgGZpxQAq5CsqYzmkLl5A9nF1wRp0lwyYVncx3_ctaILJ92cpoM2478CNzDPzCKTydUzABgwK6Jo9L-R8A2FGjPRtMeMxpkhTTlclEo6ERIXocVQa6-Oeji42nwmQEjJkkdX4iTBl0DgsqrfrfPPxa1XtvF5MyjT6U8XlV_65C1zXcayhA2nhykIhbw5atht_yUkrhdbYEihZblaUTy7cfmEYpqeNTJxLRyQ30wPvccXi2bQgq7Sq7VIFP_S-dHERk6LXTbase0bu7QR_XA5w6lyOs7oXVbF5Jr8adrMh2R6g
and here's the JWK
{"alg":"RS256","kty":"RSA","use":"sig","x5c":["MIIDDTCCAfWgAwIBAgIJTegPuD4Mvm6sMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNVBAMTGWxvYmJ5Y2l0b3llbi5ldS5hdXRoMC5jb20wHhcNMTcwODAyMTQ1MjM2WhcNMzEwNDExMTQ1MjM2WjAkMSIwIAYDVQQDExlsb2JieWNpdG95ZW4uZXUuYXV0aDAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVzlh+IW4I95QelKKZyDjbVv0tLBvEo/jE9ndTCigjPHrtHzjAg+aB+u/KBYkF9CxT8nRWutm9GB9tXvg7z7n4U2fd4qZGLH6xFmIzqAJKwe7Z3l2fSqI1jJw4KLfYfGvAqP9qrETb8cH7jpEoI9nXp7a0GQ/BftQUk0qmczN9yLp+k0UGXtUNrJXJ7hWjpVcG7wRGHDZ9plbQZ9WmMJUFlPIn7Yvar1GhZNozz+37pD3a/DkE+uIQ1zhgMRcZhl6Sb3zjKn7l7XrMjuZJ7afSNHaXicrIhHS2/J3FtmDlR4/cha4H/jBVKzlUd+zB+pFMoOd1hnxE773b8ZVQ9dcwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSzoceBhNJklZTlVIox/Kpq1cWUszAOBgNVHQ8BAf8EBAMCAoQwDQYJKoZIhvcNAQELBQADggEBAKFgVJ/SAcp32TsW/RlhjRBcSZ3cQKGjpMGs2FMm4dvZocPSIezK8KQt9Vq6K+H6/gePmTa9/z1wQTWsRSI+a6/RJ8rXbLiHovuFC5ilpcDGrBJj2KDkSYPfc0E9B0eXeeZSe7TVY6gbOKvut3mVESuZP/+r36ieyIiIVWIkoZrOULniCUxClFRRNYfl9AnvC18buxK69MjNNUYtvmL1hE9CWyptBM1Pjlo1e4qMMusn9Jm2EHNf9j0e0b1gaV4z4OL+uOE756P9ef8XxLbE5cuqt3fDXi9qFLvTy0wlFaZB1P39rt6JkWTiilB4dT06JxursJTEY0fKtWimKbhQd3Y="],"n":"vVzlh-IW4I95QelKKZyDjbVv0tLBvEo_jE9ndTCigjPHrtHzjAg-aB-u_KBYkF9CxT8nRWutm9GB9tXvg7z7n4U2fd4qZGLH6xFmIzqAJKwe7Z3l2fSqI1jJw4KLfYfGvAqP9qrETb8cH7jpEoI9nXp7a0GQ_BftQUk0qmczN9yLp-k0UGXtUNrJXJ7hWjpVcG7wRGHDZ9plbQZ9WmMJUFlPIn7Yvar1GhZNozz-37pD3a_DkE-uIQ1zhgMRcZhl6Sb3zjKn7l7XrMjuZJ7afSNHaXicrIhHS2_J3FtmDlR4_cha4H_jBVKzlUd-zB-pFMoOd1hnxE773b8ZVQ9dcw","e":"AQAB","kid":"RDY5RTJEMTQxQzY0OTY3OENFMTQzOTE5QzNDQUI0MUYxRDg1NUQwRQ","x5t":"RDY5RTJEMTQxQzY0OTY3OENFMTQzOTE5QzNDQUI0MUYxRDg1NUQwRQ"}
I can't seem to find the issue as it validates well on jwt.io...
Thanks a lot for your help!
The text was updated successfully, but these errors were encountered: