cloudflare-worker-jwt icon indicating copy to clipboard operation
cloudflare-worker-jwt copied to clipboard

Published 20 hours ago verified publisher icon tsndr

fix for base64 secrets

Open badoge opened this issue 3 years ago • 5 comments

fixes #15

I was still having the same issue with 1.4.1 but I played around with it and replacing https://github.com/tsndr/cloudflare-worker-jwt/blob/594cdd6c05e2b0f137a7d0b53340cd212a9e9ba5/index.js#L114 and https://github.com/tsndr/cloudflare-worker-jwt/blob/594cdd6c05e2b0f137a7d0b53340cd212a9e9ba5/index.js#L77

with keyData = Base64URL.parse(secret) fixed the issue for me but I also needed to add a check for non base64 secrets.

badoge avatar Jun 04 '22 19:06 badoge

Can you please verify if this is still the case with v2.0.0?

tsndr avatar Jun 29 '22 22:06 tsndr

Issue is still there on 2.0.0

badoge avatar Jun 29 '22 23:06 badoge

Unfortunatly, those changes make the test fail.

Screen Shot 2022-06-30 at 11 54 49 AM

tsndr avatar Jun 30 '22 09:06 tsndr

So if you can implement it without breaking HSxxx I will merge it :)

tsndr avatar Jun 30 '22 10:06 tsndr

I updated the PR to use the 2.0.0 source, but I'm not confident that it will be reliable and was instead thinking of adding an extra parameter to sign() and verify() to indicate that the secret is base64 encoded

badoge avatar Jul 03 '22 02:07 badoge