Unable to generate a skinny JWT for existing Google Loyalty Object about laravel-passes HOT 9 CLOSED

I meant to file this under the "chiiya/passes" project, not here. Either way, it looks like the JWT for a LoyaltyObject can only be generated once.

That is why I was hoping to get a skinny JWT, so it can be preserved in the DB and used subsequently to obtain the loyaltyObject, even after updates are applied.

Some of the new JWTs are still 2000+ chars in size after creation, which is why I'm wondering about the option for a skinny JWT, versus the initial JWT.

from laravel-passes.

If I currently search the LoyaltyObjectRepository and get the LoyaltyObject, it is 3800+ chars, after a create a JWT for the object.

My suspicion is that this is because when Google returns a LoyaltyObject from the API, it contains more properties than what was initially specified when you created the object. For example, it also returns the complete class entity that the object is associated with ($classReference). Can you confirm that this is the case for you? I'll have a look at it, since some of these properties should definitely be stripped out for the JWT.

Some of the new JWTs are still 2000+ chars in size after creation, which is why I'm wondering about the option for a skinny JWT, versus the initial JWT.

I haven't had this issue myself. Are you using the API to store loyalty objects, or are you directly encoding the object in the JWT [1]? Did you make sure that common data that does not differ for each loyalty object is specified in the loyalty class instead? Either way, it would probably make sense to have a new feature for skinny JWTs.

This is how I am using it, for example:

$object = new OfferObject(
    classId: '0000000000000000000.some-coupon',
    id: '0000000000000000000.'.Str::uuid()->toString(),
    state: State::ACTIVE,
    barcode: new Barcode(type: BarcodeType::EAN_13, value: $code),
    validTimeInterval: new TimeInterval(
        start: new DateTime(date: $start),
        end: new DateTime(date: $expiry),
    ),
);

return $this->passes->google()->createJWT()->addOfferObject($object)->sign();

from laravel-passes.

Thanks for the response.

Yes, you are correct about the large size of the 'return object' from repo.
It's just something I encountered; because the DB is being nuked from time to time, and I wanted to ensure I could regenerate the JWT string for an existing api-object.

Thanks for the sample... useful to test with.

I'm stripping things back and creating a minimal LoyaltyObject, so that it remains small and can be used as a 'deeplink' in part of a URL, or JWT within webpage. Things are looking good, the new JWT size is small : currently <= 1400 chars

$object = new LoyaltyObject(
  classId: $classid,
  id: $obid,
  state: State::ACTIVE
);

$jwt = (new JWT([
  'iss' => $credentials->client_email,
  'key' => $credentials->private_key,
  'origins' => ['http://localhost', 'http://foobar'],
]))->addLoyaltyObject($object)->sign();

But, my most recent issue appears to be casting of the JSON object and inner array.

This is the Button/Javascript error, when loading the JWT

{
    "errorMessage": "loyaltyObjects was not a JSON array.",
    "errorCode": "INVALID_JWT"
}

The obfuscated version of the JWT. The "loyaltyObjects" key certainly is an object, not an array of objects.

{
  "iss": "[email protected]",
  "aud": "google",
  "typ": "savetoandroidpay",
  "payload": {
    "loyaltyObjects": {
      "0": {
        "classReference": null,
        "accountName": null,
        "accountId": null,
        "loyaltyPoints": null,
        "linkedOfferIds": {},
        "secondaryLoyaltyPoints": null,
        "id": "123.10000",
        "classId": "123.foo.card.1",
        "state": "ACTIVE",
        "barcode": null,
        "messages": {},
        "validTimeInterval": null,
        "locations": {},
        "hasUsers": null,
        "smartTapRedemptionValue": null,
        "hasLinkedDevice": null,
        "disableExpirationNotification": null,
        "imageModulesData": {},
        "textModulesData": {},
        "linksModuleData": null,
        "appLinkData": null,
        "heroImage": null
      }
    }
  },
  "origins": {
    "0": "http://localhost",
    "1": "http://foobar"
  },
  "iat": 1650534773
}

I'm a bit stumped on why the casting of the 'loyaltyObjects' key is bad, because a few weeks ago it worked in basic testing.

from laravel-passes.

The temporary fix for the JSON casting is to remove 'JSON_FORCE_OBJECT' in Firebase\JWT\JWT on this line:

• https://github.com/firebase/php-jwt/blob/e67638d067a537731e3f9c03e097c7c1b1f31fe8/src/JWT.php#L358

Up to this point, the Array structure of 'payload' is perfect, and the array structure is good. Final JWT is now healthy and parsed by Google Javascript.

I will have a look around to see what the best solution might be... open to ideas!

from laravel-passes.

Was your JWT issue fixed with firebase/php-jwt#420?

from laravel-passes.

I have also released a new version with fixes and improvements to the JWT generation: https://github.com/chiiya/passes/releases/tag/0.3.0.
Please let me know if this solves your issues.

from laravel-passes.

New 0.0.4 version for chiiya/laravel-passes to use the updated chiiya/passes version also tagged.

from laravel-passes.

Was your JWT issue fixed with firebase/php-jwt#420?

Yup, so all good on that front now.

Got 'valid' JSON, and able to install the pass/object onto Android device via URL anchor (deeplink) with a 2200 char JWT string. It's over the 1800 threshold, but works on Android->Chrome, which is the current requirement.

The new changes look good, thanks for those!

I guess the process to pre-create things is:

• prepare LoyaltyClass with LoyaltyClassRepository -> create($fooClass)
• prepare LoyaltyObject with LoyaltyObjectRepository -> create($fooObj)
• OR if existing LoyaltyObject with matching 'id' exists, update directly then run LoyaltyObjectRepository -> update($repoObj)
• prepare JWT, e.g. new JWT(...)-> addSkinnyLoyaltyObject($fooObj)

In the examples above, $fooObj is a newly defined LoyaltyObject, rather than a reference to a Repository Object.

It might be a while before I test all this, so probably best to close the issue out....

from laravel-passes.

Just tested the flow above, works like a charm. Skinny JWT for the LoyaltyObject is <800 chars in length now.

Thanks for rapid enhancement ;-)

from laravel-passes.