Comments (6)
In the latest version of league/oauth2-server, they've changed it to this:
/**
 * Initialise the JWT Configuration.
 */
public function initJwtConfiguration()
{
    $this->jwtConfiguration = Configuration::forAsymmetricSigner(
        new Sha256(),
        InMemory::plainText($this->privateKey->getKeyContents(), $this->privateKey->getPassPhrase() ?? ''),
        InMemory::plainText('empty', 'empty')
    );
}
This appears to allow authentication to proceed. Can that use of 'empty' for the InMemory be correct though?
from jwt.
I'm really unfamiliar with the library you're referring to.
It seems like the configuration you've provided isn't being passed on to the jwt library, causing the issue.
My suggestion would be double checking logs, stack traces, and documentation to try and find out what's happening.
Also verify your error_reporting in php.ini, as we trigger deprecation errors which might be (incorrectly) considered as breaking errors and stop the flow of the application.
from jwt.
Thanks, you reminded me of something and I got this stack trace from the failed auth attempt:
023-01-19 21:44:59 ta-mediawiki devmediawiki: [17d87e707f9434b330fcbf0d] /w/rest.php/oauth2/access_token Lcobucci\JWT\Signer\InvalidKeyProvided from line 34 of /var/www/devmediawiki-1.35.7/w/vendor/lcobucci/jwt/src/Signer/InvalidKeyProvided.php: Key cannot be empty
#0 /var/www/devmediawiki-1.35.7/w/vendor/lcobucci/jwt/src/Signer/Key/InMemory.php(25): Lcobucci\JWT\Signer\InvalidKeyProvided::cannotBeEmpty()
#1 /var/www/devmediawiki-1.35.7/w/vendor/lcobucci/jwt/src/Signer/Key/InMemory.php(44): Lcobucci\JWT\Signer\Key\InMemory->__construct()
#2 /var/www/devmediawiki-1.35.7/w/vendor/league/oauth2-server/src/Entities/Traits/AccessTokenTrait.php(50): Lcobucci\JWT\Signer\Key\InMemory::plainText()
#3 /var/www/devmediawiki-1.35.7/w/vendor/league/oauth2-server/src/Entities/Traits/AccessTokenTrait.php(61): MediaWiki\Extensions\OAuth\Entity\AccessTokenEntity->initJwtConfiguration()
#4 /var/www/devmediawiki-1.35.7/w/vendor/league/oauth2-server/src/Entities/Traits/AccessTokenTrait.php(79): MediaWiki\Extensions\OAuth\Entity\AccessTokenEntity->convertToJWT()
#5 /var/www/devmediawiki-1.35.7/w/vendor/league/oauth2-server/src/ResponseTypes/BearerTokenResponse.php(31): MediaWiki\Extensions\OAuth\Entity\AccessTokenEntity->__toString()
#6 /var/www/devmediawiki-1.35.7/w/vendor/league/oauth2-server/src/AuthorizationServer.php(202): League\OAuth2\Server\ResponseTypes\BearerTokenResponse->generateHttpResponse()
#7 /var/www/devmediawiki-1.35.7/w/extensions/OAuth/src/AuthorizationProvider/AccessToken.php(22): League\OAuth2\Server\AuthorizationServer->respondToAccessTokenRequest()
#8 /var/www/devmediawiki-1.35.7/w/extensions/OAuth/src/Rest/Handler/AccessToken.php(40): MediaWiki\Extensions\OAuth\AuthorizationProvider\AccessToken->getAccessTokens()
#9 /var/www/devmediawiki-1.35.7/w/includes/Rest/Router.php(365): MediaWiki\Extensions\OAuth\Rest\Handler\AccessToken->execute()
#10 /var/www/devmediawiki-1.35.7/w/includes/Rest/Router.php(320): MediaWiki\Rest\Router->executeHandler()
#11 /var/www/devmediawiki-1.35.7/w/includes/Rest/EntryPoint.php(144): MediaWiki\Rest\Router->execute()
#12 /var/www/devmediawiki-1.35.7/w/includes/Rest/EntryPoint.php(111): MediaWiki\Rest\EntryPoint->execute()
#13 /var/www/devmediawiki-1.35.7/w/rest.php(31): MediaWiki\Rest\EntryPoint::main()
#14 {main}
from jwt.
I'm seeing this code in dependency vendor/league/oauth2-server/src/Entities/Traits/AccessTokenTrait.php.
Could that empty in-memory key be to blame? What's the right thing to do here?
/**
 * Initialise the JWT Configuration.
 */
public function initJwtConfiguration()
{
    $this->jwtConfiguration = Configuration::forAsymmetricSigner(
        new Sha256(),
        LocalFileReference::file($this->privateKey->getKeyPath(), $this->privateKey->getPassPhrase() ?? ''),
        InMemory::plainText('')
    );
}
from jwt.
Adding 'empty' works for me as well
from jwt.
Can that use of 'empty' for the InMemory be correct though?
It seems like that object is only being used as a dummy to fill in the required information to create the object.
Although it works fine, it is impacted by updates we do to the InMemory implementation. An alternative would be to use an anonymous class to provide that same dummy object and claim responsibility over its evolution.
Closing here since we've pinpointed the root cause 👍
from jwt.
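The anonymous-class placeholder suggested in the last comment could look like the following; this is an added example, not code from lcobucci/jwt, league/oauth2-server or the thread. It assumes lcobucci/jwt 4.x or later (where `Key` is an interface with `contents()` and `passphrase()`), the RSA `Sha256` signer, and a hypothetical helper name `signOnlyPlaceholderKey()`; making `contents()` throw instead of returning a dummy string is this example's own choice, so a misuse of the placeholder for verification fails instead of silently using a bogus key.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumes lcobucci/jwt 4.x+ installed via Composer

use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Key;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Signer\Rsa\Sha256; // assumption: RSA signer, the page shows only "Sha256"

// Hypothetical helper: placeholder verification key for code that only signs.
// It satisfies the Key interface but fails loudly if anything asks for key material.
function signOnlyPlaceholderKey(): Key
{
    return new class implements Key {
        public function contents(): string
        {
            throw new LogicException('Signing-only configuration: no verification key available');
        }

        public function passphrase(): string
        {
            return '';
        }
    };
}

// Constructed sample input: a throwaway RSA key generated for this run only.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($pair, $privateKeyPem);

$config = Configuration::forAsymmetricSigner(
    new Sha256(),
    InMemory::plainText($privateKeyPem),
    signOnlyPlaceholderKey()
);

// Signing touches only the signing key, so issuing a token works.
$token = $config->builder()
    ->issuedBy('https://issuer.example') // constructed value
    ->getToken($config->signer(), $config->signingKey());
echo $token->toString(), PHP_EOL;

// Any attempt to verify with the placeholder is refused instead of using a bogus key.
try {
    $config->verificationKey()->contents();
} catch (LogicException $e) {
    echo 'verification refused: ', $e->getMessage(), PHP_EOL;
}
```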