arendajaelu / nestjs-passport-apple

Apple Passport Strategy for Apple Login (dedicated to Nestjs)
MIT License

ERR_OSSL_PEM_NO_START_LINE #4

Open pankajjha opened 1 year ago

pankajjha commented 1 year ago

Hi, I am getting this error on my callback function.

Node: v16.19.1
@arendajaelu/nestjs-passport-apple: ^1.0.4
@nestjs/core: ^9.1.2

Getting Error: error:0909006C:PEM routines:get_name:no start line

Here's the complete exception:

Error: error:0909006C:PEM routines:get_name:no start line
    at Sign.sign (node:internal/crypto/sig:131:29)
    at sign (/root/projects/dev/node_modules/jwa/index.js:152:45)
    at Object.sign (/root/projects/dev/node_modules/jwa/index.js:200:27)
    at Object.jwsSign [as sign] (/root/projects/dev/node_modules/jws/lib/sign-stream.js:32:24)
    at Object.module.exports [as sign] (/root/projects/dev/node_modules/jsonwebtoken/sign.js:204:16)
    at AppleStrategy._getClientSecret (/root/projects/dev/node_modules/@arendajaelu/nestjs-passport-apple/src/strategy.js:251:21)
    at AppleStrategy._getOAuth2Client (/root/projects/dev/node_modules/@arendajaelu/nestjs-passport-apple/src/strategy.js:268:48)
    at /root/projects/dev/node_modules/@arendajaelu/nestjs-passport-apple/src/strategy.js:126:41
    at NullStore.verify (/root/projects/dev/node_modules/@arendajaelu/nestjs-passport-apple/src/state/null.js:7:9)
    at AppleStrategy.authenticate (/root/projects/dev/node_modules/@arendajaelu/nestjs-passport-apple/src/strategy.js:117:34) {
  library: 'PEM routines',
  function: 'get_name',
  reason: 'no start line',
  code: 'ERR_OSSL_PEM_NO_START_LINE'
}

Here's my callback URL function:

@ApiExcludeEndpoint()
@Post('login/apple/redirect')
@UseGuards(AuthGuard("apple"))
async appleAuthRedirect(@Body() body, @Req() req, @Res() res) {
    try {
        console.log(req, body)
    } catch (e) {
        console.log(e)
    }
}

pankajjha commented 1 year ago

I found the problem:

jwt.sign({}, this._key, {
    algorithm: 'ES256',
    keyid: this._keyID,
    expiresIn: this._clientSecretExpiry,
    issuer: this._teamID,
    audience: 'https://appleid.apple.com',
    subject: this._clientID
})

It seems the jwt.sign function doesn't respect a key file path and needs the literal key.

When I changed .env APPLE_KEYFILE_PATH from ./location/keyfile.p8 to "-----BEGIN PRIVATE KEY-----\nsdad...\nasda...\n-----END PRIVATE KEY-----", it started to work just fine.
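
Added example, not part of the thread and not code from nestjs-passport-apple: one way to turn a configured value into PEM text before it reaches jwt.sign, whether the value is a .p8 path or literal PEM, and to reject a key that cannot be used for ES256. The names loadApplePrivateKey and demo are hypothetical, and the key in demo is a throwaway generated on the spot.

```javascript
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const PEM_HEADER = /^-----BEGIN [A-Z ]*PRIVATE KEY-----/;

// Hypothetical helper: accepts literal PEM (optionally with "\n" escapes, as
// .env files often store it) or a path to a .p8 file, and returns PEM text
// suitable for the key argument of jwt.sign.
function loadApplePrivateKey(value) {
  if (typeof value !== 'string' || value.trim() === '') {
    throw new Error('Apple private key is not configured');
  }
  const unescaped = value.trim().replace(/\\n/g, '\n');
  // A path has no PEM header: read the file instead of signing with the path.
  const pem = PEM_HEADER.test(unescaped)
    ? unescaped
    : fs.readFileSync(value.trim(), 'utf8');
  let key;
  try {
    key = crypto.createPrivateKey(pem); // fails here rather than inside jwt.sign
  } catch (err) {
    // Report only the error code so key material never reaches the logs.
    throw new Error(`Apple private key is not valid PEM (${err.code || 'unknown'})`);
  }
  // ES256 requires an EC key on P-256 (OpenSSL name: prime256v1).
  const details = key.asymmetricKeyDetails || {};
  if (key.asymmetricKeyType !== 'ec' || details.namedCurve !== 'prime256v1') {
    throw new Error('Apple private key must be an EC P-256 key for ES256');
  }
  return pem;
}

// Constructed sample: a throwaway key generated on the spot, not a real one.
function demo(curve = 'prime256v1') {
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: curve });
  const pem = privateKey.export({ type: 'pkcs8', format: 'pem' });
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'apple-key-'));
  const file = path.join(dir, 'keyfile.p8');
  fs.writeFileSync(file, pem, { mode: 0o600 });
  return {
    pem,
    fromPath: loadApplePrivateKey(file),
    fromEnv: loadApplePrivateKey(pem.replace(/\n/g, '\\n')),
  };
}
```

Calling the helper once at application startup surfaces a bad key or path before the first login request instead of as ERR_OSSL_PEM_NO_START_LINE in the callback.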

t4eng commented 1 year ago

Removing @UseGuards(AuthGuard("apple")) from login/apple/redirect works for me.

...
@Post('login/apple/redirect')
async appleAuthRedirect(@Body() body, @Req() req, @Res() res) {
    try {
        console.log(req, body)
    } catch (e) {
        console.log(e)
    }
}