Skip to content

Failed to decode JWT: Unsupported algorithm or incorrect key for HS256 Algorithm. #123

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
caffieneToCode opened this issue Feb 21, 2019 · 1 comment
Open

Failed to decode JWT: Unsupported algorithm or incorrect key for HS256 Algorithm. #123

caffieneToCode opened this issue Feb 21, 2019 · 1 comment

Comments

@caffieneToCode
Copy link

Hi @kylef
This library is removing HS256 algorithm by filtering it in verifiedAlgorithms in the snippet below.

func verifySignature(_ algorithms: [Algorithm], header: JOSEHeader, signingInput: String, signature: Data) throws {
  guard let alg = header.algorithm else {
    throw InvalidToken.decodeError("Missing Algorithm")
  }

  let verifiedAlgorithms = algorithms
    .filter { algorithm in algorithm.description == alg }
    .filter { algorithm in algorithm.verify(signingInput, signature: signature) }

  if verifiedAlgorithms.isEmpty {
    throw InvalidToken.invalidAlgorithm
  }
}

/// Verify a signature for a message using the algorithm

  func verify(_ message: String, signature: Data) -> Bool {
    return sign(message) == base64encode(signature)        // Because this returns false
  }

This works completely fine on jwt.io and the signature verifies correctly.
screenshot 2019-02-21 at 12 56 03 pm

Any Idea what went wrong here?
Because this works with other libraries..
@hadiidbouk
Copy link

any update on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@caffieneToCode @hadiidbouk