"jwt.lua": HS256 signature validation fails which reason as "internal error"

[sanjamoh19781]

My env:

• nginx version: openresty/1.13.6.2
• JWT lua scripts -> https://github.com/auth0/nginx-jwt/releases/download/v1.0.1/nginx-jwt.tar.gz
  • The default FFI adapter bundled -> --with-ld-opt='-Wl,-rpath,/usr/local/openresty/luajit/lib

After debug i stuck up at hmac.lua at function _M.new(self, key, hashalgo). It seems it returns "nil' to the caller in JWT.lua. I doubt something going worng with 'require "ffi"'_ in hmac.lua, though not sure.

Log snippet from nginx error.log: 2018/05/30 13:42:41 [warn] 11009#11009: 1 [lua] jwt.lua:109: my signsecret3, client: 127.0.0.1, server: , request: "POST /pps/v3/core/bookings/createEventBooking HTTP/1.1", host: "localhost:8080" 2018/05/30 13:42:41 [warn] 11009#11009: 1 [lua] hmac.lua:92: new(): inside hmac(in new)secret3, client: 127.0.0.1, server: , request: "POST /pps/v3/core/bookings/createEventBooking HTTP/1.1", host: "localhost:8080" 2018/05/30 13:42:41 [warn] 11009#11009: *1 [lua] nginx-jwt.lua:51: auth(): Invalid token: internal error, client: 127.0.0.1, server: , request: "POST /pps/v3/core/bookings/createEventBooking HTTP/1.1", host: "localhost:8080"

Any help appreciated?

Thanks, Sanjay

[albertaparicio]

I am having the same problem here. OpenResty version is 1.13.6.2

I am trying to verify a JWT token (I can verify it in jwt.io), but the result is negative, with HS256 algorithm and reason 'internal error'.

Any ideas on when has this started to happen?

Thanks

[albertaparicio]

I have downgraded the openresty, openresty-opm and openresty-resty packages back to version 1.13.6.1 and it all works fine.

[sanjamoh19781]

Apologies for not seeing the post since long. Thank you @albertaparicio for the info. Infact i had tried with a older version before, still it did not work. Let me see to do it with a new VM.

[cliveeisen]

Replace the hmac.lua (sum 48606) with the one at https://github.com/jkeys089/lua-resty-hmac (sum 54340) and it all works again

[dolivervl]

@cliveeisen Thank you, u tip works for me !!!!

[and1990]

I have meet this problem. Downgrade the Openresty version works for me.

My case:

1. It worked fine with Openresty version 1.11.2.5.
2. Then I upgraded Openresty, its version is 1.13.6.1.
3. It showed 'internal error' when i used JWT library to verify user's token. I had tried multiple ways to solve this problem, but none of them worked.
4. Finally, I returned back to 1.11.2.5 , everything is ok.

[lwhile]

The OpenSSL version used by Openresty 1.13.6.2 was upgraded to 1.1.0.

Must upgrade the dependent of lua-resty-hmac.

[zandbelt]

see https://github.com/SkyLothar/lua-resty-jwt/issues/85 for the alternative repo for this lib

[EtachGu]

Replace the hmac.lua (sum 48606) with the one at https://github.com/jkeys089/lua-resty-hmac (sum 54340) and it all works again

after replace hmac.lua, it works