php-jwt icon indicating copy to clipboard operation
php-jwt copied to clipboard
verified publisher icon firebase

SignatureInvalidException not available on line 150 in JWT.php

Open tbobker123 opened this issue 1 year ago • 2 comments

When passing an invalid token, I am getting a PHP error. The current line is:

        if (!self::verify("{$headb64}.{$bodyb64}", $sig, $key->getKeyMaterial(), $header->alg)) {
            throw new SignatureInvalidException('Signature verification failed');
        }

But as far as I can see, SignatureInvalidException is not available in this file I updated to use the included UnexpectedValueException.

Please let me know if I have this wrong or if there really is some code error.

tbobker123 avatar Dec 13 '24 13:12 tbobker123

The SignatureInvalidException class does exist in the same folder and namespace. What is the exact error you are seeing?

Krisell avatar Dec 13 '24 13:12 Krisell

I get this error in my log:

PHP Fatal error: Uncaught Error: Class "Firebase\JWT\SignatureInvalidException" not found in /var/www/..../includes/php-jwt-main/src/JWT.php:150

tbobker123 avatar Dec 13 '24 15:12 tbobker123

on top of this if the signature $sig contains an extra char like " or ", at the end of the token it's still considering it valid, will you be able to add some validation that the signature is a valid base64 string?

paolo-blocklabs avatar Jul 10 '25 07:07 paolo-blocklabs