token/key pair verification works in the JWT.io debugger but not with node-jsonwebtoken
This is very strange.
See Runkit. Also pasting here. Is there some step in the debugger that I am not doing in this test code?
https://runkit.com/owendall/5bc28965f7b84200120e6f04
var jwt = require("jsonwebtoken");

// HS256
var token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3RvcGl4LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1YmJjZmVhYjY4YTU2YzRjNTEzMjIyM2MiLCJhdWQiOlsiaHR0cHM6Ly90b3BpeC5pby90ZXN0Il0sImlhdCI6MTUzOTQ3NTQ5NSwiZXhwIjoxNTM5NDgyNjk1LCJhenAiOiJTaWNWUUlQRFJqQ2t2WVFFaTQ2bFNJWFhUeVllc1RJWCIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUifQ.p9VPXiKqD4zFcKAoq112dV3FIyoHncAi0UytOJaPs2c';

// This is the "Signing Secret" obtained from Auth0 for the test API
var key = 'cE9d0Vy07dFxD3SOnpiAYLwwkDno7ZB6'; // This is the same key used in the JWT.io debugger that works there!!

// Sync version: First try without specifying alg
try {
  var decoded = jwt.verify(token, key);
} catch (err) {
  console.log("Verify: Sync test 1: " + err.message);
}

// Sync version: pin the accepted algorithm to HS256
try {
  var decoded = jwt.verify(token, key, { algorithms: ['HS256'] });
} catch (err) {
  console.log("Verify: Sync test 2: " + err.message);
}

// Try async version
jwt.verify(token, key, function(err, decoded) {
  if (!err) {
    console.log('Verify: Async test 1: Audience decoded: ' + decoded.aud);
  } else {
    console.log("Verify: Async test 1: " + err.message);
  }
});

// Now just decode without signature verification
// (decode() takes (token, options); no key is involved)
try {
  var decoded = jwt.decode(token);
  console.log('Decode Only: Sync test: Audience decoded: ' + decoded.aud);
} catch (err) {
  console.log(err.message);
}
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (2 by maintainers)
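
An independent way to check whether a token/key pair really matches, without the debugger or the library, is to recompute the HMAC over the token's first two segments. The following is an added example, not code from the issue or from node-jsonwebtoken; `checkHs256`, `diagnose`, `signHs256` and the sample token and secret are constructed for illustration, and the literal versus base64-decoded readings of the secret are assumed candidates for a mismatch, not a diagnosis taken from the thread.

```javascript
const crypto = require("crypto");

// Recompute HMAC-SHA256 over "<header>.<payload>" and compare it, in constant
// time, with the signature segment the token actually carries.
function checkHs256(token, keyBytes) {
  const parts = token.split(".");
  if (parts.length !== 3) return false;
  const [header, payload, signature] = parts;
  let alg;
  try {
    alg = JSON.parse(Buffer.from(header, "base64url").toString("utf8")).alg;
  } catch (e) {
    return false; // header is not valid JSON
  }
  if (alg !== "HS256") return false; // never trust any other alg here
  const expected = crypto.createHmac("sha256", keyBytes)
    .update(header + "." + payload)
    .digest();
  const actual = Buffer.from(signature, "base64url");
  return actual.length === expected.length &&
    crypto.timingSafeEqual(actual, expected);
}

// Check the same secret string under two key interpretations (assumption:
// the signer may have used either the literal characters or decoded bytes).
function diagnose(token, secret) {
  return {
    asUtf8: checkHs256(token, Buffer.from(secret, "utf8")),
    asBase64: checkHs256(token, Buffer.from(secret, "base64")),
  };
}

// Helper used only to build the constructed sample below.
function signHs256(claims, keyBytes) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const input = enc({ typ: "JWT", alg: "HS256" }) + "." + enc(claims);
  const sig = crypto.createHmac("sha256", keyBytes).update(input).digest("base64url");
  return input + "." + sig;
}

// Constructed sample: the token is signed with the base64-DECODED secret.
const SAMPLE_SECRET = "Y29uc3RydWN0ZWQtc2VjcmV0"; // base64 of "constructed-secret"
const SAMPLE_TOKEN = signHs256({ aud: ["https://example.test/api"] },
  Buffer.from(SAMPLE_SECRET, "base64"));

console.log(diagnose(SAMPLE_TOKEN, SAMPLE_SECRET));
```

Run `diagnose` on the exact token string as it was issued, not on one copied back out of a tool after editing fields there.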
@MitMaro Thanks, this old comment of yours helped me out today, I thought my signature was OK when testing with JWT.io - terrible design which really threw me off the scent!
I’ve been bitten by that particular “feature” of jwt.io in the past. Good luck with your investigation!