auth0 / node-jsonwebtoken

JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html
MIT License

Token encoded with empty string payload throws invalid token error on verify() #800

Open BlairCurrey opened 2 years ago

BlairCurrey commented 2 years ago

Description

When you sign a key with an empty string as a payload, the verification throws JsonWebTokenError: invalid token. Instead, I expect it to return the empty string, ''. If this can't be accomplished, then I think it should fail to sign with some sort of invalid payload error. I wouldn't expect it to be possible to sign something that cannot be verified.

Reproduction

> jwt.sign('', 'someKey')
'eyJhbGciOiJIUzI1NiJ9..4Q39XnmJ95pIs0bJ05Gq_byy31eRYSrlmhrgKI5FHkk'
> jwt.verify('eyJhbGciOiJIUzI1NiJ9..4Q39XnmJ95pIs0bJ05Gq_byy31eRYSrlmhrgKI5FHkk', 'someKey')
Thrown:
JsonWebTokenError: invalid token
    at Object.module.exports [as verify] (/home/project/node_modules/jsonwebtoken/verify.js:75:17) {
  name: 'JsonWebTokenError',
  message: 'invalid token'
}

Environment

jsonwebtoken: 8.5.1
node: v12.13.0
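
Added example, not part of the issue thread or of the jsonwebtoken code base: a structural pre-check in plain Node.js that tells the empty-payload token from the reproduction above apart from other unusable tokens, plus a sign-time guard of the kind the report asks for. The function names and reason strings are hypothetical, and no signature is verified.

```javascript
// Added example. Structural checks only: no signature is verified here.
// Token string copied from the issue's reproduction.
const ISSUE_TOKEN = 'eyJhbGciOiJIUzI1NiJ9..4Q39XnmJ95pIs0bJ05Gq_byy31eRYSrlmhrgKI5FHkk';
const B64URL = /^[A-Za-z0-9_-]+$/;

function decodeSegment(segment) {
  return Buffer.from(segment, 'base64url').toString('utf8');
}

// Classify a compact JWS (header.payload.signature) before it reaches verify(),
// so an empty payload segment is reported as such instead of a generic failure.
function inspectCompactJws(token) {
  if (typeof token !== 'string') return { ok: false, reason: 'not-a-string' };
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'wrong-segment-count' };
  const [header, payload, signature] = parts;
  if (!B64URL.test(header)) return { ok: false, reason: 'bad-header-segment' };
  let alg;
  try {
    alg = JSON.parse(decodeSegment(header)).alg;
  } catch {
    return { ok: false, reason: 'header-not-json' };
  }
  if (payload === '') return { ok: false, reason: 'empty-payload-segment', alg };
  if (!B64URL.test(payload)) return { ok: false, reason: 'bad-payload-segment', alg };
  // An empty signature segment (unsecured token) is rejected as well.
  if (!B64URL.test(signature)) return { ok: false, reason: 'bad-signature-segment', alg };
  return { ok: true, alg, payload: decodeSegment(payload) };
}

// Hypothetical sign-time guard: refuse any payload that would serialize to an
// empty middle segment, so nothing is issued that cannot be verified later.
function assertSignablePayload(payload) {
  const isEmpty = (typeof payload === 'string' || Buffer.isBuffer(payload)) && payload.length === 0;
  if (payload === undefined || payload === null || isEmpty) {
    throw new TypeError('payload is empty: the resulting token could not be verified');
  }
  return payload;
}

console.log(inspectCompactJws(ISSUE_TOKEN));
```

Calling `assertSignablePayload(payload)` before `jwt.sign` and `inspectCompactJws(token)` before `jwt.verify` gives a specific reason at both ends instead of a generic `invalid token`.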

danielwust commented 7 months ago

I had this problem. I changed the format from AuthOAuth2JWTToken to AuthJWTToken and it worked.

Good luck.