Closed BachLeFPT closed 4 years ago
in file lib/SymBotAuth/index.js, I see that we are using private key of bot user for create jwt of app
lib/SymBotAuth/index.js
SymBotAuth.getJwtToken = (symConfig, sub = symConfig.botUsername) => { const signingKey = fs.readFileSync(symConfig.botPrivateKeyPath + symConfig.botPrivateKeyName, 'utf8') const jwt = nJwt.create({ sub }, signingKey, 'RS512') jwt.setExpiration(new Date().getTime() + (3 * 60 * 1000)) const token = jwt.compact() SymBotAuth.jwtToken = token return token } SymBotAuth.getAppJwtToken = (symConfig) => SymBotAuth.getJwtToken(symConfig, symConfig.appId)
So, I think we should code like this:
SymBotAuth.getJwtToken = (symConfig, sub = symConfig.botUsername, signingKey) => { signingKey = signingKey || fs.readFileSync(symConfig.botPrivateKeyPath + symConfig.botPrivateKeyName, 'utf8'); const jwt = nJwt.create({ sub }, signingKey, 'RS512'); jwt.setExpiration(new Date().getTime() + (3 * 60 * 1000)); const token = jwt.compact(); SymBotAuth.jwtToken = token; return token; }; SymBotAuth.getAppJwtToken = (symConfig) => { return SymBotAuth.getJwtToken(symConfig, symConfig.appId, fs.readFileSync(symConfig.appPrivateKeyPath + symConfig.appPrivateKeyName, 'utf8')); };
Thanks for the report of this bug. Have merged the fix into version 1.0.13 available here https://www.npmjs.com/package/symphony-api-client-node
in file
lib/SymBotAuth/index.js
, I see that we are using private key of bot user for create jwt of appSo, I think we should code like this: