Comments (9)
This seems like a similar problem. Read the last response: https://community.auth0.com/t/auth0-access-token-is-missing-the-jws-payload/71674/5
from jwx.
You are using v1?
from jwx.
So I noticed I was using v1 and switched over to v2. Thankfully, I'm not getting the same error. However I'm now getting a new error:
6:39AM ERR error="failed to find a valid token in any location of the request (tried: [header keys: \"Authorization\"]). Additionally, errors were encountered during attempts to parse headers: ([header key: \"Authorization\", error: \"unsupported format (layer: #1)\"])"
from jwx.
Right, I think you are using v1.
In v1, we tried to work with messages that looked like JWE(JWS(payload))
or JWS(JWE(payload))
gracefully. In hindsight this was silly, so it has been removed as of v2.
In v1, the heuristic for determining the message type is done in jwx.GuessFormat
. There are a bunch of reasons why jwx.GuessFormat
would think that the payload is JWE, but here are some of those:
- The payload contains 4 "."s
- The payload contains the field "ciphertext" after base64 decoding is done.
It is extremely rare that you would find the field "ciphertext" in your payload, so I would assume that you have a payload that does not look like JWS.
Without seeing the actual payload, that's all I can say, really.
from jwx.
So the error message says that it tried looking for the JWT payload inside Authorization header, and couldn't parse it. Did you check if you have a proper JWT payload in the authorization header?
from jwx.
So this is the header...
authorization: Bearer eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9kZXYtbnloNWk0MDcudXMuYXV0aDAuY29tLyJ9..vv7RwXbIMuqoE9Bs.BtdlzXAp3W_lFre0wbmeOahQLyyq7BFLdyagAj1udNPk6RqHnb9tpXC34XApbptEtee-mHJgG-djSJBrr3Ky1Ngq43YxIhJjZ87E1BV9h-8-qpR5j49Y4hLDRGSelVtegjye9Zb2qQM73DZaeL9T9ChnEgMoziV07MqM_dqF4l51d73_UPnAIYjNthVhVrpYzsMahhJDJEoevBT63AH0JH3GHQ6GcwNhqVbDslNfwz63DhV_vEK35ot6tXCRHPc6RM62FfocsjoyogDdWgdTD8uM1w9Ok3WI83zd3CCBws4naFuVJs7WIX6Ot920ydm6hISNvHZdSpUoYN71Eky0rFUEkx79-fxKGgKZoDllV5K5KEwXPYA2h60kxfAKjbeLWKSx1nd4HIRdpcoDAWWGzy-CSg.XVcURxNxx5obO9YpDue44Q
It's the Auth0 access_token
. Another library is able to parse this token using the rsa.PrivateKey
generated from your library, so I'm unsure why this wouldn't be working. Let me try extracting the header and feeding in the bytes to Parse
to see what happens.
from jwx.
Wait a sec... that's odd. That JWT token has four segments. This is the token I'm receiving from Auth0...
from jwx.
Before going any further, this is definitely wrong:
And I do see 4 dots, so it definitely looks like a JWE encrypted message. In which case it would be syntactically valid to have two consecutive dots there, because that just means it's an empty protected header.
I have no clue about Auth0 and its access tokens, but it just feels wrong.
from jwx.
Unreal... three hours wasted. Thank you for sending that over. Not providing an audience returns an encrypted payload.
THANK YOU!!!
from jwx.
Related Issues (20)
- Example of decrypting a JWT? HOT 1
- jwt.ParseInsecure return verification error HOT 4
- jws.UnregisterSigner does not remove the underlying signer from the global signers map HOT 4
- `WithInferAlgorithmFromKey` should cache inferences alas HOT 3
- Simple custom field on a JWT token HOT 5
- Update go version within go.mod
- `jwk.SetGlobalFetcher` requires object implementing interface with unexported methods HOT 19
- Expose function to check if `jws.Verify` failed with `verifyError` or not HOT 6
- OpaqueKeyDecrypter for JWE HOT 11
- Provide a way to shutdown http cache fetcher to avoid go-routine leaks. HOT 10
- Problem setting key_ops key value HOT 4
- When generating encrypted JWTs using jwt.Serializer, most `jwe.EncryptOption` are ineffective HOT 1
- Decoding a Microsoft OAuth token: use of "jku" field specified, but the field is empty HOT 8
- PR for JAdES Signatures HOT 2
- jwt.Parse silently fails if alg isn't included in JWK HOT 7
- x509 can't support secp256k1 when calling jwk.Pem HOT 4
- Outdated example for iterating through keyset in `v2/jwk` readme HOT 2
- Allow `jwk.Cache` to use a custom `HTTPClient` object. HOT 3
- Add support for ShangMi SM2 Public Key HOT 5
- jws.Sign() allows jwa.RS256 alg when using ECDSA key HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwx.