react-native-pure-jwt icon indicating copy to clipboard operation
react-native-pure-jwt copied to clipboard

Published 20 hours ago verified publisher icon zaguiini

Decode fails only on IOS

Open mplumador opened this issue 3 years ago • 4 comments

Describe the bug Utilizing the same secret, and same JWT results in different results when trying to decode on android vs IOS. Decoding is successful on android, but results in "Error: Decoding failed" error on IOS.

To Reproduce Here is an example that is currently producing this inconsistency on my devices.

import { decode } from 'react-native-pure-jwt'
const test_decode = async () => {
    try {
      let test_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXJpYWxfbnVtYmVyIjoiNWYxMGExNjMtMjk2OC00ZDZkLWIyZDgtOGQxNjQwMDNlMmQ0Iiwic2VxIjo1MTI4MTYsIm5hbWUiOiJOYW1lMSIsImlkIjo2NTQsImRlc2NyaXB0aW9uIjoiVGVzdCBEZWNvZGluZyJ9.ahLaTEhdgonxb8rfLG6NjcIg6rqbGzcHkwwFtvb9KTE";
      let test_key = "SuperSecretKey";
      let test_result = await decode(test_token, test_key);
      console.log(test_result);
      } catch(error) {
        console.warn(error);
    }
  }
  test_decode();

Expected behavior Decoding should be consistent across platforms when given the same information on both.

Smartphone (please complete the following information):

  • Devices: IPhone XR, Samsung S9+

Please let me know if there is more information needed or if I am utilizing this function incorrectly.

mplumador avatar Dec 24 '21 19:12 mplumador

Are you sure that the token is valid by the time you test it in iOS? Usage looks correct.

zaguiini avatar Jun 16 '22 13:06 zaguiini

What do you mean by "valid"? I don't believe there is any weird compilation things happening in react-native to malform static strings when building for IOS. Testing the JWT + Signature on https://jwt.io returns the data and verifies the signature.

I did run into an issue with other libraries due to the key not being long enough (HS256 wants a 256 bit long secret), which could be a potential avenue for this error. I imagine some decoding library enforce this and determines the JWT as "invalid" as a result.

mplumador avatar Jul 05 '22 16:07 mplumador

Meaning it's still in the exp time range. I tried your snippet with { skipValidation: true } in the 3rd argument for decode and it worked for me:

image

That's what I see in the debugger:

image

zaguiini avatar Jul 06 '22 15:07 zaguiini

@zaguiini is right @mplumador you check this 3rd argument I also use this my function its below

export const decodeToken = async (token: any) => { try {

    const decodedToken = await decode(token, secretly, {
        skipValidation: true
    });
 
    return decodedToken;

} catch (error) {
    console.error(error);
    throw error;
}

};

wolfxpertlab avatar Apr 19 '24 06:04 wolfxpertlab