Comments (9)
AnthonyDeroche
commented on May 20, 2024
Hello,
The token should be correctly decoded if you transform the public exponent "n" of your jwks into a valid PEM RSA public key. To validate signature, I'm using libjwt (https://github.com/benmcollins/libjwt) using itself openssl.
Can you give me public keys in PEM format used to check validation and a JWT (even expired) delivered by AWS to try to help you more ? You can email me at anthony[at]deroche.me
Regarding the last question, I cannot support JWKS for the moment in my module, although it might be interesting to do so. The underlying library I'm using does not support JWKS itself. I will propose it on the tracker.
from mod_authnz_jwt.
andrewlear
commented on May 20, 2024
Thanks. I emailed you the requested items. Did you receive them? Thanks.
from mod_authnz_jwt.
AnthonyDeroche
commented on May 20, 2024
Hello, yes I received your email. I will take a look at this and I will keep you posted.
from mod_authnz_jwt.
AnthonyDeroche
commented on May 20, 2024
I reproduced the bug, and it seems to be a bug of the underlying lib I'm using to decode tokens. I opened an issue on the repo of the lib. I will keep you posted as soon as I have more information.
from mod_authnz_jwt.
AnthonyDeroche
commented on May 20, 2024
The bug has been fixed, you should be able to validate tokens using my module using a PEM public key. Be careful to use libjwt v1.7.3, I updated the README with the correct version.
from mod_authnz_jwt.
andrewlear
commented on May 20, 2024
Thank you. I will put libjwt 1.7.3 into the lab and will update you with the findings.
from mod_authnz_jwt.
andrewlear
commented on May 20, 2024
I have been able to confirm that if I utilize the correct key that the JWT will validate. However, a Cognito user pool utilizes 1 of 2 keys to sign the JWT. Is there a mechanism that I can utilize to specify both keys as 2 AuthJWTSignaturePublicKeyFile entries in the Apache config, or add both keys to 1 file and have the module iterate over both keys to validate the JWT?
If you require a new JWT, let me know and I can supply that via email. Thanks.
from mod_authnz_jwt.
andrewlear
commented on May 20, 2024
I hate to be a bother with this, but are you actively working on this or can I have a friend of mine submit a pull request to work on this functionality? Thanks.
from mod_authnz_jwt.
AnthonyDeroche
commented on May 20, 2024
I just saw your messages, I'm not working on this for now, you can submit a pull request!
from mod_authnz_jwt.
Related Issues (20)
- Pass JWT via URL param, not in the Authorization header HOT 3
- Centos issues with mod_authnz_jwt
- Invalid command 'AuthJWTDeliveryType' HOT 1
- How to implement in docker HOT 3
- Using with Docker HOT 1
- Module accepts any issuer and expiration HOT 3
- Incorrect call to ap_log_rerror()
- AuthJWTProvider ldap with Require ldap-group HOT 1
- Missing Authorization header even though one is set HOT 2
- AH55204: auth_jwt authn: the expected parameter user is missing, aborting authentication HOT 1
- Valid tokens stop being accepted HOT 1
- Just a question about /login HOT 4
- Erreneously complains: Decoding process has failed, token is either malformed or signature is invalid HOT 2
- Windows support? HOT 1
- Installation does not work on OpenSuse Leap 15.2 / 15.3 because of apache module naming glitch
- Supported version of mod_authnz_jwt HOT 2
- How do I forward to another page after login? HOT 1
- Duplicate requests and Index not working HOT 2
- Decoding process has failed, token is either malformed or signature is invalid
- We are able to generate the token but not able to set the required environment variables with data stored in DB. Used AuthJWTProvider dbd technique
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mod_authnz_jwt.