Could not recognize the signer algo #223
Comments
|
This is because the algorithm RS*** uses public/private keys for verifying/signing a token. More info can be seen on the asymmetric crypto guide here. The error message could be tweaked to be more specific. I'll keep this open until I get around it. |
|
I'm having the same problem. I want to create an |
|
The Edwards curves family of algorithms are not built-in and need some extra dependencies to work. This is the way JOSE works. More information may be found here: https://github.com/potatosalad/erlang-jose/blob/master/ALGORITHMS.md Although OTP now supports edwards curves (OTP 21 with a recent OpenSSL/BoringSSL) this detection is not built-in in JOSE. We are planning on providing our own implementation of JWA in the future to make it more easily pluggable but time is never a comodity unfortunately. @vans163 Did that solve your issue? Can I close this one? |
|
@victorolinasc I'm not native to the Elixir ecosystem so I'm struggling a bit with the solution here. I added |
|
For Unfortunately it is a bit outside of my scope too as those libraries have themselves other dependencies that are OS dependent. |
|
Is it a similar error when I receive: Tried to pass it as a string or pass it through JOSE.JWK.from_pem_file first. Both don't work. |
|
@bderooms this is a different issue... Probably related to your pem variable. It seems that it is not a For instance: :jose_jwk.from_pem(123456)
** (FunctionClauseError) no function clause matching in :jose_jwk.from_pem/1
The following arguments were given to :jose_jwk.from_pem/1:
# 1
123456
(jose) src/jose_jwk.erl:371: :jose_jwk.from_pem/1Pem should contain a valid PEM encoded key. |
|
@vans163 I'll close this issue for now. If anything, please re-open this. THanks! |
|
I stopped using Joken and just implemented the signature check myself, I needed it for JWT validation. So cannot comment if its fixed.. def validate_jwt(nil), do: nil
def validate_jwt(token) do
[headerb, payloadb, signatureb] = String.split(token, ".")
header = Base.url_decode64!(headerb, padding: false) |> JSX.decode!
payload = Base.url_decode64!(payloadb, padding: false) |> JSX.decode!
signature = Base.url_decode64!(signatureb, padding: false)
true = Map.fetch!(header,"alg") == "RS256"
true = Map.fetch!(payload, "iss") == "https://securetoken.google.com/"
isExpired = :os.system_time(1) >= Map.fetch!(payload, "exp")
case :persistent_term.get({:kid, Map.fetch!(header,"kid")}, nil) do
nil ->
jwt_google_cert()
nil
%{exponent: exponent, modulus: modulus} ->
msg = headerb<>"."<>payloadb
if :crypto.verify(:rsa, :sha256, msg, signature, [exponent,modulus]) and !isExpired do
Map.fetch!(payload, "user_id")
end
end
endThe hard part was pulling the exponent and modulus out the google cert. |
I've just run in to this. The error is especially confusing, because the list of supported algorithms includes the algorithm that has been rejected. edit: I managed to get this working directly with private_key = JOSE.JWK.from_pem_file("private_key.pem")
jwt_payload = %{hello: "world"}
{_, jwt} = JOSE.JWT.sign(private_key, %{"alg" => "RS256"}, jwt_payload) |> JOSE.JWS.compact() |
|
@adamu I am curious as to which error you were getting with For instance: pem = File.read!("private_key.pem")
signer = Joken.Signer.create("RS256", %{"pem" => pem})Does that not work for you? |
|
It was two years ago, let me see... I just tried your suggestion and it works. It's possible I was passing the binary directly instead of a map. If I do that, the error message does say that a map is required:
However, on the version at the time, 2.2.0. it doesn't:
Looks like it was resolved in #277. |
|
SOrry @adamu ! I was trolled by email notifications here ... Someone commented and then deleted here... I got the email, came here to check and thought it was you heheh sorry about this! THanks for confirming the fix :) |
The text was updated successfully, but these errors were encountered: