Open
Description
I am creating access tokens using jsonwebtoken
- here is an example on jwt.io.
You can see that jwt.io
regards the token as 'Signature Verified', however when I try to verify tokens using the jwk in a test I get an InvalidSignature
error:
let decoding_key = DecodingKey::from_jwk(config.jwk())?;
let mut token_validation = Validation::new(config.algorithm());
token_validation.set_audience(&[&config.audience]);
let decoded: TokenData<JsonWebToken> = decode(&*actual, &decoding_key, &token_validation)?
Curiously if I use the public key pem file the test passes successfully:
let decoding_key = DecodingKey::from_rsa_pem(config.public_key())?;
let mut token_validation = Validation::new(config.algorithm());
token_validation.set_audience(&[&config.audience]);
let decoded: TokenData<JsonWebToken> = decode(&*actual, &decoding_key, &token_validation)?;
I have been round the houses with this a few times now and have also tried to use DecodingKey::from_rsa_components
with the same result.
Here is the jwk for reference.
{"use":"sig","alg":"RS256","kid":"jwt-key-1","kty":"RSA","n":"ALGVuKyQ3vTQ8HibKWkyli_Chuv_BKLAqkClIAEakZW8JF-OxnRsnr9TLZxFVXQPxwBb8lpcWO3BIaX83POhV1a_CyOjDCQbyGQFWYAuLLWEAF7FGZV2SpZIzo_0yv-Sni87BHr3pGBsnHeKxT4m2JRGkUQVa5-fOcyeyz_h3SxsPx-I_9UhAseI2tTQz5i50-IxHmG8sOuhu6vxnYcYsJH6RcPIzvsnv9SJYFge0ij7G3CFJXviegFFRUZx9BTPcQ66vEtqegzl40KeBWQk-4Y27On7rgn-PbnrqkS--dhFLcC_nPaoX5DMcrqrANawXCfyMQf9Uf-8VsTemgadR1O2L_S70bGZhN_pEDMEpw9LaND3fJLLgmP-Vfm8S3o2xJBm8tuZIv6aEkq34yueU4-sv5UAftuva_C8y4NdPwxHXqBT5FJuhE2ntKMTxsJk0gZ2u8GGTP8nqlcHaQE0cH-6DHKc8r_XSDsnYwfjZc0JGM4M8skDkxmBd1xKxhuKFw","e":"AQAB"}
Any and all help gratefully received!
Metadata
Metadata
Assignees
Labels
No labels