Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot verify token/secret which verifies successfully using Node #75

Closed
mlanza opened this issue Sep 30, 2022 · 3 comments
Closed

Cannot verify token/secret which verifies successfully using Node #75

mlanza opened this issue Sep 30, 2022 · 3 comments

Comments

@mlanza
Copy link

mlanza commented Sep 30, 2022

While I am new to JWT I have run virtually the same code through Node's jsonwebtoken library and it works. I am targeting this library, however, to reduce my bundling dependencies.

Running decode against my JWT works fine. Running verify, however, results in a null exception:

error: Uncaught TypeError: Cannot read properties of undefined (reading 'name')
    if (keyAlgorithm.name === algAlgorithm.name) {
                     ^
    at verify (https://deno.land/x/[email protected]/algorithm.ts:46:22)
    at Module.verify (https://deno.land/x/[email protected]/mod.ts:151:7)
    at file:///xxx/xxx/xxx/xxxx/src/cf/jwt.js:15:28

Here's what I'm running:

//import jwt from "jsonwebtoken"; //I used Node's experimental-module syntax and it works fine.
import * as jwt from "https://deno.land/x/[email protected]/mod.ts";

const token = "...";
const JWT_SECRET = "...";

const decoded = await jwt.decode(token); //success
console.log("decoded", decoded);  

const verified = await jwt.verify(token, JWT_SECRET); //fail!
console.log("verified", verified);

I am certain my secret and token are fine having confirmed them in Node. The only difference is Node's methods are synchronous and don't require await.

My decoded payload follows, sensitive content elided:

[
  { alg: "HS256", typ: "JWT" },
  {
    aud: "authenticated",
    exp: 1664581993,
    sub: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    email: "[email protected]",
    phone: "",
    app_metadata: { provider: "email", providers: [ "email" ] },
    user_metadata: {},
    role: "authenticated",
    session_id: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  },
  Uint8Array(32) [ ...
  ]
]
@mlanza
Copy link
Author

mlanza commented Sep 30, 2022
edited
Loading

For what it's worth, I just reduced my version to use:

import * as jwt from "https://deno.land/x/[email protected]/mod.ts";

and added "HS256":

const verified = await jwt.verify(token, JWT_SECRET, "HS256");

And this works! But not in 2.7.

@timonson
Copy link
Member

timonson commented Sep 30, 2022
edited
Loading

Hi @mlanza , you need a CryptoKey as key in version v2.7 because they are supposed to be more secure. Maybe the examples, which you can find here, will help you.

@mlanza
Copy link
Author

mlanza commented Sep 30, 2022

Thank you. I will look into that, but to get up and running I am content with using the older version for now.

@mlanza mlanza closed this as completed Sep 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mlanza @timonson