Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWS Signature Verification fails when payload contains anything other than JSON #63

Open
jeanabraham opened this issue Dec 4, 2024 · 1 comment
Open

JWS Signature Verification fails when payload contains anything other than JSON #63

jeanabraham opened this issue Dec 4, 2024 · 1 comment

Comments

@jeanabraham
Copy link

Hi,

For the below JWS token verification:

local jwt_obj = jwt:verify(public_key_pem, jws_token)

    -- Check signature verification
    if jwt_obj.verified == false then
        local error_message = cjson.encode(jwt_obj)
        kong.log.err(error_message)
        return kong.response.exit(401, { message = error_message })
    end

The verify fails when the content of the payload is a base64url encoded value of a hexadecimal of a sha256 binary.

{"message":"{\"reason\":\"invalid payload: ZGM3NzZmMGQ2MjZlNWQyYTI2NmM5YTIwNzQ4Njc1NmE4MjRmNWRhNTcyZmQ2MGQ1ZTJlNzlkOTFmZmM0ZTNlNw\",\"verified\":false}"}

The same token verification works when the payload is a base64url encoded value of JSON.

Thanks in advance for any help!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jeanabraham and others