arun11299 / cpp-jwt

JSON Web Token library for C++
MIT License
393 stars 112 forks source link

PEM encoded public keys #52

Closed jonahcwest closed 5 years ago

jonahcwest commented 5 years ago

Using a PEM encoded public key like the following:

-----BEGIN CERTIFICATE-----
abc123...
-----END CERTIFICATE-----

And decoding it with the following:

try {
    auto decoded = jwt::decode(token, algorithms({"rs256"}), secret(cert));
} catch (jwt::InvalidSignatureError &e) {
    std::cout << e.what();
}

where cert is the certificate above, a jwt::InvalidSignatureError is thrown with the message verification failed. Using the same certificate on jwt.io with a valid token works. Does the certificate need to be processed by something else before it can be used to decode a token? If so, should documentation be added for this? I'm using the Google Sign-In API and most of the other libraries I've used work fine.

arun11299 commented 5 years ago

@jonahcwest Would it be possible to share the certificate that you are testing with privately ? If you can please do send it out on arun11299@gmail.com.

Also provide the OS, openssl version that you are using.

jonahcwest commented 5 years ago

The certificate is the Google OAuth certificate from googleapis.com/oauth2/v1/certs. The result of openssl version is OpenSSL 1.1.1c 28 May 2019. I'm using the debian:buster Docker image.

I'm pretty sure I was using the correct key and all, but I'm going to give it another shot.