libjwt: failed to parse jwt, jwt_decode seems broken
I have two tokens:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsInJvbGVzIjpbInRoaXMiLCJ0aGF0IiwidGhlb3RoZXIiXSwiaXNzIjoiaXNzdWVyIiwicGVyc29uSWQiOiI3NWJiM2NjNy1iOTMzLTQ0ZjAtOTNjNi0xNDdiMDgyZmFkYjUiLCJleHAiOjE5MDg4MzUyMDAsImlhdCI6MTQ4ODgxOTYwMCwidXNlcm5hbWUiOiJoZWxsby53b3JsZCJ9.tJoAl_pvq95hK7GKqsp5TU462pLTbmSYZc1fAHzcqWM
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsInJvbGVzIjpbInRoaXMiLCJ0aGF0IiwidGhlb3RoZXIiXSwiaXNzIjoiaXNzdWVyIiwicGVyc29uSWQiOiI3NWJiM2NjNy1iOTMzLTQ0ZjAtOTNjNi0xNDdiMDgyZmFkYjUiLCJleHAiOjE5MDg4MzUyMDAsImlhdCI6MTQ4ODgxOTYwMCwidXNlcm5hbWUiOiJoZWxsby53b3JsZCJ9.GpCRdGxE4uClX6Vg7eAPwG-37ZvNBQXyfcldKzDG_QI
First one is a test token from https://github.com/TeslaGov/ngx-http-auth-jwt-module/blob/master/test.sh, second one I generated using PHP. According to jwt.io, the first token is not valid, the second is valid. But when I use the nginx module which uses jwt_decode from libjwt (which I compiled and installed), the first token is valid, second is invalid. Algorithm is HS256.
Secret for testing is 00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 30 (14 by maintainers)
Commits related to this issue
- Add two new test cases from issue #79 Signed-off-by: Ben Collins <ben@cyphre.com> — committed to benmcollins/libjwt by benmcollins 5 years ago
I’m going to assume that nginx is using that key as a “string of bytes in hex format” like JWT.io is, and when you generated the token using PHP, you used it as a string of chars.
You need to make sure that PHP uses a string of bytes in hex, like I have in the above example, where each pair has
\xprepended to it.