From 6f2b2956d77bb2e07e1c0460aeb3c8abdc0d8f2d Mon Sep 17 00:00:00 2001 From: Javier Tinoco <213990346+javiert-okta@users.noreply.github.com> Date: Wed, 9 Jul 2025 10:57:54 -0500 Subject: [PATCH 1/2] fix signing errors when there is no header --- .../encoder/services/token-encoder.service.ts | 108 +++++++++--------- 1 file changed, 55 insertions(+), 53 deletions(-) diff --git a/src/features/encoder/services/token-encoder.service.ts b/src/features/encoder/services/token-encoder.service.ts index 9174354c..c09a03e5 100644 --- a/src/features/encoder/services/token-encoder.service.ts +++ b/src/features/encoder/services/token-encoder.service.ts @@ -86,12 +86,12 @@ class _TokenEncoderService { const header = isNoneAlg(algorithm) ? { - alg: algorithm, - } + alg: algorithm, + } : { - alg: algorithm, - typ: "JWT", - }; + alg: algorithm, + typ: "JWT", + }; /** * We need to update the value of this payload; otherwise, the controlledPayload observable @@ -605,7 +605,7 @@ class _TokenEncoderService { header: decodedHeader, headerWarnings: getValidatedHeaderResult.value.headerWarnings && - getValidatedHeaderResult.value.headerWarnings.length > 0 + getValidatedHeaderResult.value.headerWarnings.length > 0 ? getValidatedHeaderResult.value.headerWarnings : null, }); @@ -647,7 +647,7 @@ class _TokenEncoderService { header: decodedHeader, headerWarnings: getValidatedHeaderResult.value.headerWarnings && - getValidatedHeaderResult.value.headerWarnings.length > 0 + getValidatedHeaderResult.value.headerWarnings.length > 0 ? getValidatedHeaderResult.value.headerWarnings : null, }); @@ -837,28 +837,28 @@ class _TokenEncoderService { async encodeJwt( params: | { - algType: SigningAlgCategoryValues.ANY; - header: DecodedJwtHeaderModel; - payload: DecodedJwtPayloadModel; - symmetricSecretKey: string; - symmetricSecretKeyEncoding: EncodingValues; - asymmetricPrivateKey: string; - asymmetricPrivateKeyFormat: AsymmetricKeyFormatValues; - } + algType: SigningAlgCategoryValues.ANY; + header: DecodedJwtHeaderModel; + payload: DecodedJwtPayloadModel; + symmetricSecretKey: string; + symmetricSecretKeyEncoding: EncodingValues; + asymmetricPrivateKey: string; + asymmetricPrivateKeyFormat: AsymmetricKeyFormatValues; + } | { - algType: SigningAlgCategoryValues.SYMMETRIC; - header: DecodedJwtHeaderModel; - payload: DecodedJwtPayloadModel; - symmetricSecretKey: string; - symmetricSecretKeyEncoding: EncodingValues; - } + algType: SigningAlgCategoryValues.SYMMETRIC; + header: DecodedJwtHeaderModel; + payload: DecodedJwtPayloadModel; + symmetricSecretKey: string; + symmetricSecretKeyEncoding: EncodingValues; + } | { - algType: SigningAlgCategoryValues.ASYMMETRIC; - header: DecodedJwtHeaderModel; - payload: DecodedJwtPayloadModel; - asymmetricPrivateKey: string; - asymmetricPrivateKeyFormat: AsymmetricKeyFormatValues; - }, + algType: SigningAlgCategoryValues.ASYMMETRIC; + header: DecodedJwtHeaderModel; + payload: DecodedJwtPayloadModel; + asymmetricPrivateKey: string; + asymmetricPrivateKeyFormat: AsymmetricKeyFormatValues; + }, ): Promise< Result< { @@ -881,18 +881,18 @@ class _TokenEncoderService { encodeJWTResult = isHmacAlg(header.alg) ? await this.encodeJWTWithHmacAlg( + header, + payload, + symmetricSecretKey, + symmetricSecretKeyEncoding, + ) + : isDigitalSignatureAlg(header.alg) + ? await this.encodeJWTWithDigitalSignatureAlg( header, payload, - symmetricSecretKey, - symmetricSecretKeyEncoding, + asymmetricPrivateKey, + asymmetricPrivateKeyFormat, ) - : isDigitalSignatureAlg(header.alg) - ? await this.encodeJWTWithDigitalSignatureAlg( - header, - payload, - asymmetricPrivateKey, - asymmetricPrivateKeyFormat, - ) : null; } @@ -1063,14 +1063,14 @@ class _TokenEncoderService { const encodeJwtResult = isNoneAlg(header.alg) ? await this.encodeUnsecuredJWT(header, payload) : await this.encodeJwt({ - algType: SigningAlgCategoryValues.ANY, - header, - payload, - symmetricSecretKey: params.symmetricSecretKey, - symmetricSecretKeyEncoding: params.symmetricSecretKeyEncoding, - asymmetricPrivateKey: params.asymmetricPrivateKey, - asymmetricPrivateKeyFormat: params.asymmetricPrivateKeyFormat, - }); + algType: SigningAlgCategoryValues.ANY, + header, + payload, + symmetricSecretKey: params.symmetricSecretKey, + symmetricSecretKeyEncoding: params.symmetricSecretKeyEncoding, + asymmetricPrivateKey: params.asymmetricPrivateKey, + asymmetricPrivateKeyFormat: params.asymmetricPrivateKeyFormat, + }); if (encodeJwtResult.isErr()) { return { @@ -1132,7 +1132,9 @@ class _TokenEncoderService { payload: params.payload, payloadErrors: null, encodingWarnings: null, - signingErrors: null, + signingErrors: params.header ? null : [ + "Fix any errors in the JWT header to enable editing this field.", + ], }; const processPayloadResult = this.processPayload({ @@ -1170,14 +1172,14 @@ class _TokenEncoderService { const encodeJwtResult = isNoneAlg(header.alg) ? await this.encodeUnsecuredJWT(header, payload) : await this.encodeJwt({ - algType: SigningAlgCategoryValues.ANY, - header, - payload, - symmetricSecretKey: params.symmetricSecretKey, - symmetricSecretKeyEncoding: params.symmetricSecretKeyEncoding, - asymmetricPrivateKey: params.asymmetricPrivateKey, - asymmetricPrivateKeyFormat: params.asymmetricPrivateKeyFormat, - }); + algType: SigningAlgCategoryValues.ANY, + header, + payload, + symmetricSecretKey: params.symmetricSecretKey, + symmetricSecretKeyEncoding: params.symmetricSecretKeyEncoding, + asymmetricPrivateKey: params.asymmetricPrivateKey, + asymmetricPrivateKeyFormat: params.asymmetricPrivateKeyFormat, + }); if (encodeJwtResult.isErr()) { return { From 6961386e6f8dd2c365c5c74110d2a13a4e340ad9 Mon Sep 17 00:00:00 2001 From: Javier Tinoco <213990346+javiert-okta@users.noreply.github.com> Date: Thu, 10 Jul 2025 11:49:07 -0500 Subject: [PATCH 2/2] fix formatting --- .../encoder/services/token-encoder.service.ts | 104 +++++++++--------- 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/src/features/encoder/services/token-encoder.service.ts b/src/features/encoder/services/token-encoder.service.ts index c09a03e5..44ceaf93 100644 --- a/src/features/encoder/services/token-encoder.service.ts +++ b/src/features/encoder/services/token-encoder.service.ts @@ -86,12 +86,12 @@ class _TokenEncoderService { const header = isNoneAlg(algorithm) ? { - alg: algorithm, - } + alg: algorithm, + } : { - alg: algorithm, - typ: "JWT", - }; + alg: algorithm, + typ: "JWT", + }; /** * We need to update the value of this payload; otherwise, the controlledPayload observable @@ -605,7 +605,7 @@ class _TokenEncoderService { header: decodedHeader, headerWarnings: getValidatedHeaderResult.value.headerWarnings && - getValidatedHeaderResult.value.headerWarnings.length > 0 + getValidatedHeaderResult.value.headerWarnings.length > 0 ? getValidatedHeaderResult.value.headerWarnings : null, }); @@ -647,7 +647,7 @@ class _TokenEncoderService { header: decodedHeader, headerWarnings: getValidatedHeaderResult.value.headerWarnings && - getValidatedHeaderResult.value.headerWarnings.length > 0 + getValidatedHeaderResult.value.headerWarnings.length > 0 ? getValidatedHeaderResult.value.headerWarnings : null, }); @@ -837,28 +837,28 @@ class _TokenEncoderService { async encodeJwt( params: | { - algType: SigningAlgCategoryValues.ANY; - header: DecodedJwtHeaderModel; - payload: DecodedJwtPayloadModel; - symmetricSecretKey: string; - symmetricSecretKeyEncoding: EncodingValues; - asymmetricPrivateKey: string; - asymmetricPrivateKeyFormat: AsymmetricKeyFormatValues; - } + algType: SigningAlgCategoryValues.ANY; + header: DecodedJwtHeaderModel; + payload: DecodedJwtPayloadModel; + symmetricSecretKey: string; + symmetricSecretKeyEncoding: EncodingValues; + asymmetricPrivateKey: string; + asymmetricPrivateKeyFormat: AsymmetricKeyFormatValues; + } | { - algType: SigningAlgCategoryValues.SYMMETRIC; - header: DecodedJwtHeaderModel; - payload: DecodedJwtPayloadModel; - symmetricSecretKey: string; - symmetricSecretKeyEncoding: EncodingValues; - } + algType: SigningAlgCategoryValues.SYMMETRIC; + header: DecodedJwtHeaderModel; + payload: DecodedJwtPayloadModel; + symmetricSecretKey: string; + symmetricSecretKeyEncoding: EncodingValues; + } | { - algType: SigningAlgCategoryValues.ASYMMETRIC; - header: DecodedJwtHeaderModel; - payload: DecodedJwtPayloadModel; - asymmetricPrivateKey: string; - asymmetricPrivateKeyFormat: AsymmetricKeyFormatValues; - }, + algType: SigningAlgCategoryValues.ASYMMETRIC; + header: DecodedJwtHeaderModel; + payload: DecodedJwtPayloadModel; + asymmetricPrivateKey: string; + asymmetricPrivateKeyFormat: AsymmetricKeyFormatValues; + }, ): Promise< Result< { @@ -881,18 +881,18 @@ class _TokenEncoderService { encodeJWTResult = isHmacAlg(header.alg) ? await this.encodeJWTWithHmacAlg( - header, - payload, - symmetricSecretKey, - symmetricSecretKeyEncoding, - ) - : isDigitalSignatureAlg(header.alg) - ? await this.encodeJWTWithDigitalSignatureAlg( header, payload, - asymmetricPrivateKey, - asymmetricPrivateKeyFormat, + symmetricSecretKey, + symmetricSecretKeyEncoding, ) + : isDigitalSignatureAlg(header.alg) + ? await this.encodeJWTWithDigitalSignatureAlg( + header, + payload, + asymmetricPrivateKey, + asymmetricPrivateKeyFormat, + ) : null; } @@ -1063,14 +1063,14 @@ class _TokenEncoderService { const encodeJwtResult = isNoneAlg(header.alg) ? await this.encodeUnsecuredJWT(header, payload) : await this.encodeJwt({ - algType: SigningAlgCategoryValues.ANY, - header, - payload, - symmetricSecretKey: params.symmetricSecretKey, - symmetricSecretKeyEncoding: params.symmetricSecretKeyEncoding, - asymmetricPrivateKey: params.asymmetricPrivateKey, - asymmetricPrivateKeyFormat: params.asymmetricPrivateKeyFormat, - }); + algType: SigningAlgCategoryValues.ANY, + header, + payload, + symmetricSecretKey: params.symmetricSecretKey, + symmetricSecretKeyEncoding: params.symmetricSecretKeyEncoding, + asymmetricPrivateKey: params.asymmetricPrivateKey, + asymmetricPrivateKeyFormat: params.asymmetricPrivateKeyFormat, + }); if (encodeJwtResult.isErr()) { return { @@ -1172,14 +1172,14 @@ class _TokenEncoderService { const encodeJwtResult = isNoneAlg(header.alg) ? await this.encodeUnsecuredJWT(header, payload) : await this.encodeJwt({ - algType: SigningAlgCategoryValues.ANY, - header, - payload, - symmetricSecretKey: params.symmetricSecretKey, - symmetricSecretKeyEncoding: params.symmetricSecretKeyEncoding, - asymmetricPrivateKey: params.asymmetricPrivateKey, - asymmetricPrivateKeyFormat: params.asymmetricPrivateKeyFormat, - }); + algType: SigningAlgCategoryValues.ANY, + header, + payload, + symmetricSecretKey: params.symmetricSecretKey, + symmetricSecretKeyEncoding: params.symmetricSecretKeyEncoding, + asymmetricPrivateKey: params.asymmetricPrivateKey, + asymmetricPrivateKeyFormat: params.asymmetricPrivateKeyFormat, + }); if (encodeJwtResult.isErr()) { return {