Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Key validation responds with "jwt_auth_invalid_token" when using an asymmetric algorithm #98

Open
michankins opened this issue Apr 13, 2023 · 0 comments
Open

Key validation responds with "jwt_auth_invalid_token" when using an asymmetric algorithm #98

michankins opened this issue Apr 13, 2023 · 0 comments

Comments

@michankins
Copy link

michankins commented Apr 13, 2023
edited
Loading

For example, when using RS256, key generation works just fine, however, on validation:

openssl_verify(): supplied key param cannot be coerced into a public key in .../wp-content/plugins/jwt-auth/vendor/firebase/php-jwt/src/JWT.php on line 293
{"success":false,"statusCode":401,"code":"jwt_auth_invalid_token","message":"OpenSSL error: error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length","data":[]}

JWT::decode() expects a public key for asymmetric algorithms.

Setting another constant like JWT_AUTH_PUBLIC_KEY when using RS256 and using that at this line instead of JWT_AUTH_SECRET_KEY seems to fix the issue.

jwt-auth/class-auth.php

Line 411 in 0aeaa8f

$payload = JWT::decode( $token, new Key( $secret_key , $alg ));

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@michankins