JSONWebToken.swift icon indicating copy to clipboard operation
JSONWebToken.swift copied to clipboard

Published 20 hours ago verified publisher icon kylef

Failed to decode JWT: Unsupported algorithm or incorrect key for HS256 Algorithm.

Open caffieneToCode opened this issue 6 years ago • 1 comments

Hi @kylef This library is removing HS256 algorithm by filtering it in verifiedAlgorithms in the snippet below.

func verifySignature(_ algorithms: [Algorithm], header: JOSEHeader, signingInput: String, signature: Data) throws {
  guard let alg = header.algorithm else {
    throw InvalidToken.decodeError("Missing Algorithm")
  }

  let verifiedAlgorithms = algorithms
    .filter { algorithm in algorithm.description == alg }
    .filter { algorithm in algorithm.verify(signingInput, signature: signature) }

  if verifiedAlgorithms.isEmpty {
    throw InvalidToken.invalidAlgorithm
  }
}

/// Verify a signature for a message using the algorithm

  func verify(_ message: String, signature: Data) -> Bool {
    return sign(message) == base64encode(signature)        // Because this returns false
  }

This works completely fine on jwt.io and the signature verifies correctly. screenshot 2019-02-21 at 12 56 03 pm

Any Idea what went wrong here? Because this works with other libraries..

caffieneToCode avatar Feb 21 '19 07:02 caffieneToCode

any update on this?

hadiidbouk avatar Feb 26 '19 14:02 hadiidbouk