Audience Claim broken? #151

Closed
ghost opened this issue May 13, 2016 · 4 comments · Fixed by #163


ghost commented May 13, 2016

This (example code taken from the GitHub page) throws an Audience Error:

require 'jwt'

hmac_secret = 'test'
aud = ['Young', 'Old']
aud_payload = { :data => 'data', :aud => aud }

token = JWT.encode aud_payload, hmac_secret, 'HS256'

begin
  # Add aud to the validation to check if the token has been manipulated
  decoded_token = JWT.decode token, hmac_secret, true, { :aud => aud, :verify_aud => true, :algorithm => 'HS256' }
rescue JWT::InvalidAudError
  # Handle invalid token, e.g. logout user or deny access
  puts 'Audience Error'
end

excpt commented May 13, 2016

Can you provide your jwt version from the Gemfile, please?

@excpt excpt added the bug label May 13, 2016
@excpt excpt added this to the Version 1.5.5 milestone May 13, 2016
@excpt excpt self-assigned this May 13, 2016

excpt commented May 13, 2016

This error didn't raise any errors in the test suite because it is not tested for successful validation, only for errors.

This line causes the problem.

unless @payload['aud'].include?(options_aud.to_s)
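
The failure mode of the quoted line, reproduced without the gem as an added example (not part of the original thread, and not the jwt gem's code or its fix). `verify_aud!`, `aud_rejected?` and the local `InvalidAudError` are hypothetical names, and accepting a token when its `aud` shares at least one value with the expected list is an assumption.

```ruby
# Added example: a stand-alone model of the audience check, not the jwt gem's code.
# InvalidAudError is a local stand-in for JWT::InvalidAudError.
class InvalidAudError < StandardError; end

# The membership test quoted above: the expected audience is stringified
# first, so an Array becomes the single string '["Young", "Old"]'.
def buggy_aud_ok?(payload, options_aud)
  payload['aud'].include?(options_aud.to_s)
end

# Hypothetical replacement (assumption: one shared value is enough).
# Array() wraps a String claim and turns a missing claim into [], so
# values are compared by equality and an absent aud is always rejected.
def verify_aud!(payload, expected)
  token_aud = Array(payload['aud']).map(&:to_s)
  wanted    = Array(expected).map(&:to_s)
  raise InvalidAudError, 'Invalid audience' if (token_aud & wanted).empty?
  true
end

# True when verify_aud! refuses the payload.
def aud_rejected?(payload, expected)
  verify_aud!(payload, expected)
  false
rescue InvalidAudError
  true
end

# Constructed sample payloads (string keys, as a decoded token would have).
issued  = { 'data' => 'data', 'aud' => %w[Young Old] }
foreign = { 'data' => 'data', 'aud' => %w[Admin] }
no_aud  = { 'data' => 'data' }

puts "buggy, expected as Array:  #{buggy_aud_ok?(issued, %w[Young Old])}"
puts "buggy, expected as String: #{buggy_aud_ok?(issued, 'Young')}"
puts "fixed, expected as Array:  #{!aud_rejected?(issued, %w[Young Old])}"
puts "fixed, foreign audience rejected: #{aud_rejected?(foreign, %w[Young Old])}"
puts "fixed, missing aud rejected:      #{aud_rejected?(no_aud, %w[Young Old])}"
```

A regression test for this check needs both directions: a matching audience is accepted, and a foreign or missing one is rejected.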


excpt commented May 13, 2016

@hirschnase Thanks for reporting!


excpt commented Sep 16, 2016

@hirschnase This issue should be fixed now.

If you find the time, can you please check your code with the current master branch version of jwt?

Cheers! :)
