search

AnthonyDeroche / mod_authnz_jwt

An authentication module for Apache httpd using JSON Web Tokens
Other
79 stars 46 forks source link

[HELP] Always getting: Token is malformed or signature is invalid #37

Closed Ahmadre closed 3 years ago

Ahmadre commented 5 years ago

I tried the minimal configuration for just securing a folder on my apache2 webserver. I am always getting:

Bildschirmfoto 2019-06-18 um 00 42 37

I tried both http and https.

I set the Authorization Header like "Bearer eylskdvnsdlns...." and give apache the private key and here's my apache2 config:

<VirtualHost *:443>
    ServerName sub.domain.com

    ServerAdmin root@domain.com
    DocumentRoot /var/www/test

    AuthJWTSignatureAlgorithm HS512
    AuthJWTSignatureSharedSecret r9yfFB8Bf......RKBv

    <Directory /var/www/test/secured/>
        AllowOverride None
        AuthType jwt
        AuthName "private"
        Require valid-user
    </Directory>
    ...
</VirtualHost>

Please help me, I don't know why apache can't decode my json webtoken. on JWT.io it's valid if I enter my secret private key.

kind regads. Rebar

Sent from my Pixel 2 XL using FastHub

weh commented 5 years ago

did you encode the Secret in Base64?

AuthJWTSignatureSharedSecret: The secret to use to sign tokens with HMACs. It must be base64 encoded.