Open KevinNaidoo opened 4 months ago
I've run into a similar issue and have identified the problem as being an incompatible signature format.
In the product I am working on I am attempting to validate JWTs whose signatures were produced by Google Cloud's KMS. In the KMS signature verification example doc we can see the doc writers assume a KMS-generated signature would be in ASN1 format:
```go
// Verify Elliptic Curve signature.
var parsedSig struct{ R, S *big.Int }
if _, err = asn1.Unmarshal(signature, &parsedSig); err != nil {
	return fmt.Errorf("asn1.Unmarshal: %w", err)
}
```
But `jsonwebtoken` seems to assume a PKCS#11 style "fixed" signature serialization format, with no way to prefer (when signing) or detect (when verifying) the use of ASN1 for signature serialization.
I'd be willing to submit a PR to address this issue if the maintainer could provide guidance on the preferred approach for enabling the detection or selection of signature serialization format at the public crate API level. I imagine it could be as simple as providing `encode_asn1` and `decode_asn1` functions.
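The format mismatch described in the comment above, as an added example (not code from the `jsonwebtoken` crate, from Google's docs or from the commenter): a dependency-free Rust conversion of an ASN.1 DER ECDSA signature, the form the Go snippet parses, into the fixed-width R || S form that JWS uses for ES256 (RFC 7518, 32 bytes each for P-256). `read_int` and `der_to_fixed` are hypothetical names, and the sample bytes are constructed.

```rust
/// Read one DER INTEGER at `pos`; return its magnitude bytes and the next offset.
fn read_int(der: &[u8], pos: usize) -> Result<(&[u8], usize), String> {
    if der.get(pos) != Some(&0x02) {
        return Err("expected INTEGER tag 0x02".into());
    }
    let len = *der.get(pos + 1).ok_or("truncated INTEGER length")? as usize;
    if len == 0 || len >= 0x80 {
        return Err("unsupported INTEGER length".into());
    }
    let end = pos + 2 + len;
    let body = der.get(pos + 2..end).ok_or("truncated INTEGER body")?;
    if body[0] & 0x80 != 0 {
        return Err("negative INTEGER".into());
    }
    // Drop the 0x00 sign byte DER adds when the value's top bit is set.
    let body = if body.len() > 1 && body[0] == 0 { &body[1..] } else { body };
    Ok((body, end))
}

/// Convert DER `SEQUENCE { INTEGER r, INTEGER s }` to `R || S`, each left-padded
/// to `n` bytes (assumption: n = 32 for P-256 / ES256).
pub fn der_to_fixed(der: &[u8], n: usize) -> Result<Vec<u8>, String> {
    // Short-form SEQUENCE length only, which covers P-256 and P-384.
    if der.len() < 2 || der[0] != 0x30 || der[1] >= 0x80 {
        return Err("expected short-form SEQUENCE".into());
    }
    if der[1] as usize != der.len() - 2 {
        return Err("SEQUENCE length mismatch".into());
    }
    let (r, next) = read_int(der, 2)?;
    let (s, end) = read_int(der, next)?;
    if end != der.len() {
        return Err("trailing bytes after S".into());
    }
    if r.len() > n || s.len() > n {
        return Err("integer wider than the curve size".into());
    }
    let mut out = vec![0u8; 2 * n];
    out[n - r.len()..n].copy_from_slice(r);
    out[2 * n - s.len()..].copy_from_slice(s);
    Ok(out)
}

fn main() {
    // Constructed sample, not a real signature: r = 0x80 (sign-padded), s = 0x05.
    let der: [u8; 9] = [0x30, 0x07, 0x02, 0x02, 0x00, 0x80, 0x02, 0x01, 0x05];
    let raw = der_to_fixed(&der, 32).unwrap();
    println!("{} bytes, r ends {:02x}, s ends {:02x}", raw.len(), raw[31], raw[63]);
}
```

A signature that is already in fixed form is rejected by the SEQUENCE check instead of being reinterpreted, so a caller can tell the two serializations apart before verifying.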
Hi,
I am having an issue when I use my generated token on other services (like pasting on the jwt.io website), it gives me an "Invalid signature". I have the following minimal example:-
and I generate my keys like so:-
The code works fine, no issues.
Any idea what the issue could be? I am generating my own access tokens to use with other services.
Thank you.