Comments (2)
Hi @anakinj, thanks for your reply and sorry I'm only replying now. This was indeed a padding issue with the JWK. After trying a few things, we figured out that all we needed was to apply zero-padding to the non-encoded value, which we achieved this way:
private def apply_zero_padding_as_needed(jwk)
valid_jwk = jwk.clone
%i(x y).each do |elem|
coords = Base64.urlsafe_decode64(valid_jwk[elem])
length = coords.length
diff = EXPECTED_COORDS_LENGTH - length # 66 bytes
valid_jwk[elem] = Base64.urlsafe_encode64(("\x00" * diff) + coords) if diff > 0
end
valid_jwk
end
The error was neither with Ruby's openssl
nor with the jwt
gem. 👍
from ruby-jwt.
A little disclaimer: Im not an EC expert :)
It looks like the X value in the key is missing something, the encoded value is one char shorter than the y value. Is this JWK published publicly somewhere?
Also switching the x
value to a valid encoded number makes the error different:
JWT::JWK::EC.import(
kty: 'EC',
crv: 'P-521',
x: 'oLuW4nFqoUuR8d7FVsUoI62libYdQlWGtLStnqdudLY92bQ0ra5eZAbkunrGTR9-w9mr4o2Etyb6pC7YB2-23WM',
y: 'AX1cjkGMiltikPrkX49qwuJDdcETaTsj-kyFP8jsF9W5XAB3Z4tBiQtc72DQnJYeKyAV_T6qZTtFKFr-Tp4iu-j7'
) => EC_POINT_bn2point: invalid encoding
JWT::JWK::EC.import(
kty: 'EC',
crv: 'P-521',
x: 'AafgvMTsTt3-Z7g663VUz0CwW7GN8x83YV-dFwylobgjUKaGRuCgCvpOj5OP1mDPm7CHwGhI-yKUtMDYNfu7O_Uz',
y: 'AX1cjkGMiltikPrkX49qwuJDdcETaTsj-kyFP8jsF9W5XAB3Z4tBiQtc72DQnJYeKyAV_T6qZTtFKFr-Tp4iu-j7'
) => EC_POINT_bn2point: point is not on curve
from ruby-jwt.
Related Issues (20)
- JWT::JWK::EC#public_key returns unexpected type HOT 2
- Cannot create JWK from a Hash HOT 2
- Unable to use JWT::JWK::Set HOT 4
- Missing JWK `alg` causes an error. HOT 4
- Encode Param HOT 1
- Aim for ruby-jwt 3.x HOT 4
- Drop support for the HS512256 algorithm
- Reduce the use of rbnacl to the algorithms openssl actually does not support
- Drop the custom Base64 encode and decode to favour the built-in methods
- Are there breaking changes between 1.x and 2.x? HOT 2
- Possibility to override the alg header when encoding tokens HOT 2
- Bug: undefined method `casecmp' for nil:NilClass when invalid alg
- Support x5t in place of kid
- verification of at_hash == access_token HOT 4
- OpenSSL 3 - Unable to create OpenSSL::PKey instances from pem/der/asn sequences HOT 1
- Alg optional member Readme HOT 5
- Yeah steady stay
- 50
- 100 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ruby-jwt.