JwtParser throws wrong exception when signing key is HMAC but token signed with RSA
Given:
- A parser with an HS256 signing key.
- Key was specified using `JwtParser.setSigningKey(String base64Encoded)`.
- Token being parsed is signed with algorithm RS256.
- Using the `parseClaimsJws(String)` method.
- Using jjwt-impl version 0.10.5

Expected:
- A `JwtException` of some kind.

Observed:
- An `IllegalArgumentException` with the following message: “Key bytes can only be specified for HMAC signatures. Please specify a PublicKey or PrivateKey instance.”
Issue Analytics
- State:
- Created 5 years ago
- Comments:8 (2 by maintainers)
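The mismatch reported above, with a caller-side wrapper that rejects the token whichever exception type the parser throws. This is an added example, not code from the issue or from the JJWT project; the class name `FailClosedJwtCheck`, the helper `verify` and the subject value are hypothetical, and the keys and tokens are constructed at run time with jjwt 0.10.x.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.security.Keys;

import java.security.KeyPair;
import java.util.Optional;
import javax.crypto.SecretKey;

public class FailClosedJwtCheck {

    // Hypothetical helper: returns claims only when verification succeeds.
    static Optional<Claims> verify(String token, String base64HmacKey) {
        try {
            return Optional.of(Jwts.parser()
                    .setSigningKey(base64HmacKey)   // HMAC key given as Base64 text
                    .parseClaimsJws(token)
                    .getBody());
        } catch (JwtException e) {
            // Malformed token, bad signature, expired, unsupported, ...
            return Optional.empty();
        } catch (IllegalArgumentException e) {
            // The case from this issue: key bytes configured, but the token
            // header names a non-HMAC algorithm such as RS256.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample material, generated fresh on every run.
        SecretKey hmacKey = Keys.secretKeyFor(SignatureAlgorithm.HS256);
        String base64Key = Encoders.BASE64.encode(hmacKey.getEncoded());
        KeyPair rsa = Keys.keyPairFor(SignatureAlgorithm.RS256);

        String hs256Token = Jwts.builder().setSubject("constructed-user")
                .signWith(hmacKey, SignatureAlgorithm.HS256).compact();
        String rs256Token = Jwts.builder().setSubject("constructed-user")
                .signWith(rsa.getPrivate(), SignatureAlgorithm.RS256).compact();

        System.out.println("HS256 token accepted: " + verify(hs256Token, base64Key).isPresent());
        System.out.println("RS256 token accepted: " + verify(rs256Token, base64Key).isPresent());
    }
}
```

Catching only `JwtException` around `parseClaimsJws` would let the RS256 case escape as an unchecked exception, so the rejection path should cover both types.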
Top GitHub Comments
@mbarkley Thanks for the prompt response. It is rather surprising: when I tried to parse the token generated through Azure AD, I can view the JSON object on jwt.io and other parsing websites… so I am just wondering how I can get past this one.
@NagaAtLv have you got a solution on this? I am also facing the same exception while working on AzureAD.