JSONWebToken.swift icon indicating copy to clipboard operation
JSONWebToken.swift copied to clipboard

Published 20 hours ago verified publisher icon kylef

Error "Failed to decode JWT: Unsupported algorithm or incorrect key" when I'm trying to decode my token

Open aluco100 opened this issue 7 years ago • 5 comments

I have the following code:

if let user = response.result.value{
                    do {
                        let claims: ClaimSet = try JWT.decode(user.access_token, algorithm: .hs256(self.jwtSecret.data(using: .utf8)!))
                        user.id = claims["sub"] as! Int
                        user.iss = claims["iss"] as! String
                        print(claims)
                     } catch {
                        print("Failed to decode JWT: \(error)")
                        reject(error)
                    }
}

But I have that error. Now when I'm validating on jwt.io I had a valid decodification. There's a picture of that validation:

captura de pantalla 2017-10-05 a la s 13 02 22

So i dont understand what am I doing wrong. Any suggestion?

Best Regards

aluco100 avatar Oct 05 '17 16:10 aluco100

This library only supports the HS* algorithms listed at https://github.com/kylef/JSONWebToken.swift#algorithms. You are using the RS256 algorithm which is not supported by this library.

kylef avatar Oct 05 '17 16:10 kylef

Well, What can I do ?

aluco100 avatar Oct 05 '17 18:10 aluco100

Hi Kyle,

There is a pending pull request from Anders Melen for adding RS256 and RS512 support… could you please take a look at that, as it would help us too!

Thanks, —Lou

Lou Krieg, President Green Mountain Software 802.865.2728 (office) 802.355.8355 (cell) www.GreenMountainSoftware.comhttp://www.greenmountainsoftware.com [https://greenmountainsoftware.com/wp-content/uploads/2017/09/GMS-LOGO-COLOR.png] http://www.greenmountainsoftware.com

On Oct 5, 2017, at 12:14 PM, Kyle Fuller <[email protected]mailto:[email protected]> wrote:

This library only supports the HS* algorithms listed at https://github.com/kylef/JSONWebToken.swift#algorithms. You are using the RS256 algorithm which is not supported by this library.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/kylef/JSONWebToken.swift/issues/90#issuecomment-334515428, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AD7cZf1bZNrAUaWBys5bzZgm2_JqvqCGks5spQBjgaJpZM4PvUsj.

loukrieg avatar Oct 06 '17 17:10 loukrieg

We do need that RS512 pull request to be handled...

georgeathanasopoulositt avatar Jan 31 '19 11:01 georgeathanasopoulositt

Hi @kylef This error is quite recurring even with HS256 algorithm, while debugging the library, I found that the algorithm passed to decode is being filtered out from the below method.

func verifySignature(_ algorithms: [Algorithm], header: JOSEHeader, signingInput: String, signature: Data) throws {
  guard let alg = header.algorithm else {
    throw InvalidToken.decodeError("Missing Algorithm")
  }

  let verifiedAlgorithms = algorithms
    .filter { algorithm in algorithm.description == alg }
    .filter { algorithm in algorithm.verify(signingInput, signature: signature) }

  if verifiedAlgorithms.isEmpty {
    throw InvalidToken.invalidAlgorithm
  }
}

/// Verify a signature for a message using the algorithm

  func verify(_ message: String, signature: Data) -> Bool {
    return sign(message) == base64encode(signature)        // Because this returns false
  }

Any Idea what went wrong here? Because this works with other libraries..

caffieneToCode avatar Feb 19 '19 13:02 caffieneToCode