SymphonyPlatformSolutions / symphony-api-client-node

Symphony API Client for NodeJS
MIT License

[BUG] Wrong signingKey for SymBotAuth.getAppJwtToken #66

Closed BachLeFPT closed 4 years ago

BachLeFPT commented 4 years ago

In the file lib/SymBotAuth/index.js, I see that we are using the bot user's private key to create the app's JWT:

/**
 * Build a compact JWT for `sub`, sign it with RS512 and cache it on
 * SymBotAuth.jwtToken.
 *
 * The signing key is always read from the bot's private key file
 * (botPrivateKeyPath + botPrivateKeyName). There is no way for a caller to
 * supply a different key, so every token built here is signed with the bot's
 * key regardless of the `sub` it carries.
 *
 * @param {object} symConfig - config providing botPrivateKeyPath, botPrivateKeyName and botUsername
 * @param {string} [sub=symConfig.botUsername] - value placed in the `sub` claim
 * @returns {string} the compact, signed token
 * @throws if the key file cannot be read (fs.readFileSync is synchronous and throws)
 */
SymBotAuth.getJwtToken = (symConfig, sub = symConfig.botUsername) => {
  // Path and file name are joined by plain concatenation, so the configured
  // path has to end with a separator.
  const botKeyFile = symConfig.botPrivateKeyPath + symConfig.botPrivateKeyName
  const signingKey = fs.readFileSync(botKeyFile, 'utf8')

  const jwt = nJwt.create({ sub }, signingKey, 'RS512')

  // Short-lived token: the expiry passed in is three minutes from now, in ms.
  const threeMinutesMs = 3 * 60 * 1000
  jwt.setExpiration(Date.now() + threeMinutesMs)

  const token = jwt.compact()
  // NOTE(review): a single cache slot is written for whatever `sub` was used;
  // confirm that readers of SymBotAuth.jwtToken expect the most recent token.
  SymBotAuth.jwtToken = token

  return token
}

// Only the `sub` claim changes here (to symConfig.appId). getJwtToken(symConfig, sub)
// takes no key argument and reads the bot private key itself, so the app token
// is signed with the bot's key rather than a key belonging to the app.
SymBotAuth.getAppJwtToken = (symConfig) => {
  return SymBotAuth.getJwtToken(symConfig, symConfig.appId)
}

So, I think we should code like this:

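/**
 * Build a compact JWT for `sub`, sign it with RS512 and cache it on
 * SymBotAuth.jwtToken.
 *
 * @param {object} symConfig - config providing botPrivateKeyPath, botPrivateKeyName and botUsername
 * @param {string} [sub=symConfig.botUsername] - value placed in the `sub` claim
 * @param {string|Buffer} [signingKey] - private key to sign with; when omitted
 *   (undefined or null) the bot's private key file is read instead
 * @returns {string} the compact, signed token
 * @throws {Error} if a signing key was supplied but is empty, or if the bot
 *   key file cannot be read
 */
SymBotAuth.getJwtToken = (symConfig, sub = symConfig.botUsername, signingKey) => {
  let key = signingKey;
  if (key === undefined || key === null) {
    // No key supplied: default to the bot's own private key.
    key = fs.readFileSync(symConfig.botPrivateKeyPath + symConfig.botPrivateKeyName, 'utf8');
  } else if (!key || key.length === 0) {
    // Fail closed. With `signingKey || <bot key>` an empty key (for example the
    // contents of an empty key file) would silently be replaced by the bot's
    // key, so a token for another subject would again be signed as the bot.
    throw new Error('signingKey was supplied but is empty; refusing to fall back to the bot private key');
  }

  const jwt = nJwt.create({ sub }, key, 'RS512');
  // Short-lived token: the expiry passed in is three minutes from now, in ms.
  jwt.setExpiration(new Date().getTime() + (3 * 60 * 1000));
  const token = jwt.compact();
  // NOTE(review): a single cache slot is written for whatever `sub` and key
  // were used; confirm that readers of SymBotAuth.jwtToken expect the most
  // recent token rather than specifically the bot's.
  SymBotAuth.jwtToken = token;

  return token;
};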

/**
 * Create the JWT for the app: `sub` is symConfig.appId and the signing key is
 * read from the app's own private key file (appPrivateKeyPath + appPrivateKeyName).
 *
 * @param {object} symConfig - config providing appId, appPrivateKeyPath and appPrivateKeyName
 * @returns {string} the compact, signed token returned by getJwtToken
 */
SymBotAuth.getAppJwtToken = (symConfig) => {
  // Path and file name are joined by plain concatenation, so the configured
  // path has to end with a separator.
  const appKeyFile = symConfig.appPrivateKeyPath + symConfig.appPrivateKeyName;
  const appSigningKey = fs.readFileSync(appKeyFile, 'utf8');

  // The app key is passed explicitly so the token is signed as the app.
  return SymBotAuth.getJwtToken(symConfig, symConfig.appId, appSigningKey);
};
mistryvinay commented 4 years ago

Thanks for reporting this bug. The fix has been merged into version 1.0.13, available here: https://www.npmjs.com/package/symphony-api-client-node