search

arun11299 / cpp-jwt

JSON Web Token library for C++
MIT License
395 stars 111 forks source link

Invalid issuer with no option for this #46

Open Ludea opened 5 years ago

Ludea commented 5 years ago

Hello,

I try to decode and verify a remote jwt. I check error value, and get a InvalidIssuer And I get {"alg":"none","typ":"JWT"} null Here my code

void api::verify_token(std::string token)
{
        jwt::string_view encoded_token = token ;
        auto decoded_token = jwt::decode(encoded_token, algorithms({"hs256"}), ec, secret(key), verify(true));
        switch(ec.value())
        {
        case static_cast<int>(jwt::VerificationErrc::InvalidAlgorithm):
                std::cout<<"error"<<std::endl;
        break;
        case static_cast<int>(jwt::VerificationErrc::TokenExpired):
                std::cout<<"error1"<<std::endl;
        break;
        case static_cast<int>(jwt::VerificationErrc::InvalidIssuer):
                std::cout<<"error2"<<std::endl;
        break;
        case static_cast<int>(jwt::VerificationErrc::InvalidSubject):
                std::cout<<"error3"<<std::endl;
        break;
        case static_cast<int>(jwt::VerificationErrc::InvalidIAT):
                std::cout<<"error4"<<std::endl;
        break;
        case static_cast<int>(jwt::VerificationErrc::InvalidJTI):
                std::cout<<"error5"<<std::endl;
        break;
        case static_cast<int>(jwt::VerificationErrc::InvalidAudience):
                std::cout<<"error6"<<std::endl;
        break;
        case static_cast<int>(jwt::VerificationErrc::ImmatureSignature):
                std::cout<<"error7"<<std::endl;
        break;
        case static_cast<int>(jwt::VerificationErrc::InvalidSignature):
                std::cout<<"error8"<<std::endl;
        break;
        case static_cast<int>(jwt::VerificationErrc::TypeConversionError):
                std::cout<<"error9"<<std::endl;
        break;
//      default:
        }
        std::cout << token <<std::endl;
        std::cout << decoded_token.header() << std::endl;
        std::cout << decoded_token.payload() << std::endl;

}

If I try to decode my jwt from jwt.io, there is no issue, with no issuer field

arun11299 commented 5 years ago

Hi @Ludea Would you be able to provide me the token and the key to reproduce the issue ? Please feel free to mail me (arun11299@gmail.com) if it is something you cannot share on github but can share it privately.

Thanks!