auth0 / node-jsonwebtoken

JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html
MIT License

jwt.verify RS256 "TypeError: Cannot read property '2' of null" #668

Open scrimmie opened 4 years ago

scrimmie commented 4 years ago

Description

I am attempting to verify a JWT token that is encoded with the RS256 algorithm. When using the function jwt.verify I have handed the function both the private secret and the public key, and no matter the variation I use I keep receiving this error.

    jwt.verify(token, PublicKey, {algorithms : ['RS256']})

    index.js:1 TypeError: Cannot read property '2' of null
        at push../node_modules/parse-asn1/fixProc.js.module.exports (fixProc.js:14)
        at parseKeys (index.js:19)
        at verify (verify.js:8)
        at Verify.verifyMethod [as verify] (index.js:75)
        at Object.verify (index.js:164)
        at Object.jwsVerify [as verify] (verify-stream.js:54)
        at verify.js:127
        at getSecret (verify.js:90)
        at Object.push../node_modules/jsonwebtoken/verify.js.module.exports [as verify] (verify.js:94)
        at SignInButton.jsx:61
        at Array.forEach (<anonymous>)
        at SignInButton.jsx:58

I was hoping someone could clarify the requirements needed (key wise) to verify a RS256 JWT as well as explain the format of the key (cert, pem, etc.).

TAnas0 commented 4 years ago

I have high suspicions that you are running into a typing error. Could you please share the related remaining code, especially the PublicKey?

GiacomoVoss commented 4 years ago

I have the same problem, any info on that?

GiacomoVoss commented 4 years ago

I found a solution: The problem is that the public key must be in PEM format. If you need to generate a key pair with both public and private key in PEM format, I suggest using openssl:

    openssl genrsa -out private.pem 2048
    openssl rsa -in private.pem -pubout -out public.pem

Fimbelowski commented 4 years ago

Hello,

I'm getting this error while attempting to use jwt.sign() with ES256 encoding.

Here is where I am calling jwt.sign()

    this.jwt = jwt.sign(this.jwtPayload, PRIVATE_KEY, this.jwtOptions);

where

      jwtOptions: {
        algorithm: 'ES256',
        header: {
          kid: KEY_ID,
          typ: 'JWT',
        },
      },
      jwtPayload: {
        iss: TEAM_ID,
      },

dostuffthatmatters commented 4 years ago

The public key should just be a string and not be dependent on the file format ...

I have the same issue as described above.

Dear maintainers, please look into this!

angelinama commented 3 years ago

In order to use the RS256 algorithm, the second argument has to be a real encoded primary key. You cannot pass a random secret string like in the default algorithm.

alexd-shuttle commented 3 years ago

Hopefully it helps someone else: In my case, the problem was that the PEM file contained multiple keys, and I just passed the whole PEM file into jwt.verify.

Roughly my solution:

    const getKey = (header, callback) => {
      const keys = contents_of_whole_pem_file_as_json()
      const key = keys[header.kid]    // ← important step I had been missing
      callback(null, key)
    }

    jwt.verify(jwt_token, getKey, options, verifyCallback)

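
The two fixes reported above (a PEM-formatted public key, and picking one key by `kid` instead of passing a whole key set), as an added example that is not part of the thread and is not jsonwebtoken's own code. It uses only Node's built-in `crypto`; the function names and the kid-to-PEM map are assumptions.

```javascript
// Added example: Node built-in crypto only; all names below are hypothetical.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Turn one entry of a kid -> PEM map into a KeyObject, failing early with a
// clear message instead of a parser TypeError deep inside the verifier.
function selectPublicKey(keysByKid, kid) {
  const pem = keysByKid[kid];
  if (typeof pem !== 'string' || !/^-----BEGIN (RSA )?PUBLIC KEY-----/.test(pem.trim())) {
    throw new Error(`no PEM public key for kid "${kid}"`);
  }
  return crypto.createPublicKey(pem); // throws if the PEM body is malformed
}

// Verify an RS256 compact JWS: pin the algorithm, pick the key by kid, check the signature.
function verifyRs256(token, keysByKid) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = selectPublicKey(keysByKid, header.kid);
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('invalid signature');
  return JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
}

// Constructed sample: a throwaway key pair and token generated at run time.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: 'k1' }));
  const body = b64url(JSON.stringify({ sub: 'demo' }));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  const token = `${head}.${body}.${b64url(sig)}`;
  const barePem = publicKey.split('\n').filter((l) => l && !l.startsWith('-----')).join('');
  const attempt = (keys) => {
    try { return verifyRs256(token, keys).sub; } catch (e) { return e.message; }
  };
  return {
    good: attempt({ k1: publicKey }),        // PEM with header and footer lines
    stripped: attempt({ k1: barePem }),      // base64 body only, no PEM armor
    wrongKid: attempt({ other: publicKey }), // key set lacks the token's kid
  };
}
```
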
gabs086 commented 3 years ago

@scrimmie Hi. Did you fix your issue about this? I'm having the same issue. Maybe you can share what your workaround is if you fixed it. Thanks.

shivani-aeroqube commented 1 year ago

Hi, I am getting a similar issue, do we have a fix for this one yet?