Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

verify_rsa no method 'verify' for class String #115

Closed
stantoncbradley opened this issue Nov 24, 2015 · 7 comments
Closed

verify_rsa no method 'verify' for class String #115

stantoncbradley opened this issue Nov 24, 2015 · 7 comments

Comments

@stantoncbradley
Copy link

I recently switched my encoding algorithm from HS256 to RS256 and can no longer verify my tokens. Line 59 in jwt.rb seems to be the problem:

public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)

raises a no method error, no method 'verify' for type String. My public key is a string (no sure what else it should be?), and I don't see verify defined anywhere. What am I missing?

Thanks!
@stantoncbradley
Copy link
Author

For context, I'm using Auth0 and Knock, if that helps.

@stantoncbradley
Copy link
Author

This seems to be a limitation of Knock, not ruby-jwt. Apologies.

@AugustoPedraza
Copy link

@stantoncbradley I'm getting the same error, could you please share as you did fix it?

@stantoncbradley
Copy link
Author

@AugustoPedraza I was using Knock to pass my JWT to ruby-jwt and Knock didn't support RS256 so it wasn't passing in the proper params. Adding support for RS256 on Knock fixed my issue. ruby-jwt works fine for me after that, make sure you are passing the proper params. It's been awhile since I worked on this so I probably won't be able to give you much more details on what could be wrong with your payload. Like I said, I think your issue is upstream from ruby-jwt (at least mine was). Hope that helps!

@AugustoPedraza
Copy link

@stantoncbradley thanks for your reply. I was getting the same error because I was using an invalid Auth0 workflow to get my JWT.

@jessecravens
Copy link

jessecravens commented Feb 26, 2017
edited
Loading

@AugustoPedraza can you elaborate on 'using an invalid Auth0 workflow to get my JWT' , Im having the same issue, but fairly certain that Im using a proper workflow, and my JWT validates and signature verifies at jwt.io

@stantoncbradley In regards to Adding support for RS256 on Knock fixed my issue. Can you elaborate? Did you 'add support for RS256' manually? The knock tests lead me to believe there is support: https://github.com/nsarno/knock/blob/master/test/model/knock/auth_token_test.rb#L20 and I seem to be passing the proper params, but still not 100% positive.

Still digging.

And this leads me to believe that RS256 support still isn't baked into knock: auth0-samples/auth0-rubyonrails-api-samples#4

But the tests seem to indicate that support is there : https://github.com/nsarno/knock/blob/7fb00e36b8a1db188d2258eb28dbc56441385302/test/model/knock/auth_token_test.rb#L20

I think it could be that Im referencing the public key incorrectly in knock.rb, not handling new lines, or perhaps I should read the .pem directly from the filesystem? Any ideas?

This was referenced Feb 26, 2017
Closed
Closed
@jessecravens
Copy link

jessecravens commented Feb 26, 2017
edited
Loading

I got this working, as I expected I was passing in the token_public_key incorrectly. nsarno/knock#148

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jessecravens @AugustoPedraza @stantoncbradley