auth0 / node-jsonwebtoken

JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html
MIT License

error:09091064:PEM routines:PEM_read_bio_ex:bad base64 decode #816

Open TLKG opened 2 years ago

TLKG commented 2 years ago

Description

Token validated OK at jwt.io. Received an error with .verify.

Error:

code:'ERR_OSSL_PEM_BAD_BASE64_DECODE'
function:'PEM_read_bio_ex'
library:'PEM routines'
reason:'bad base64 decode'
message:'error:09091064:PEM routines:PEM_read_bio_ex:bad base64 decode'
stack:'Error: error:09091064:PEM routines:PEM_read_bio_ex:bad base64 decode\n    at Verify.verify (internal/crypto/sig.js:188:24)

Provide a clear and concise description of the issue, including what you expected to happen.

Reproduction

const jwt = require("jsonwebtoken");
var vtoken = "...";  // validated by jwt.io
var key = "...";  // value copied from jwt.io
var publickey = "-----BEGIN CERTIFICATE-----\n" + key + "\n-----END CERTIFICATE-----";  
var payload= jwt.verify(vtoken, publickey, { algorithms: ['RS256'] });
  • Screenshots image

Environment

Please provide the following:

elitan commented 2 years ago

@TLKG Was this fixed? If yes, how?

TLKG commented 2 years ago

@elitan The following works locally:

async function getMSPublicKey(misc)
{
    var vurl = "https://login.microsoftonline.com/" + misc.tenantId + "/v2.0/.well-known/openid-configuration";
    const x1 = await fetch(vurl);
    const x2 = await x1.json();
    const x3 = await fetch(x2.jwks_uri);
    const k = await x3.json();
    // x5c[0] is the base64-encoded DER signing certificate for this kid
    return k.keys.find(key => key.kid === misc.kid).x5c[0];
}
var publickey = "-----BEGIN CERTIFICATE-----\n" + await getMSPublicKey(vmisc) + "\n-----END CERTIFICATE-----";
var payload = jwt.verify(theToken, publickey, { algorithms: ['RS256'] });

After deploying to AZ, I got "JsonWebTokenError: invalid algorithm".

elitan commented 2 years ago

Thanks. The issue I had was an incorrect key string. It was solved on my end. Thanks.

eriegz commented 2 years ago

Should this issue get closed then?

Yudota commented 2 years ago

Try this:

async function getMSPublicKey(misc)
{
    var vurl = "https://login.microsoftonline.com/" + misc.tenantId + "/v2.0/.well-known/openid-configuration";
    const x1 = await fetch(vurl);
    const x2 = await x1.json();
    const x3 = await fetch(x2.jwks_uri);
    const k = await x3.json();
    // x5c[0] is the base64-encoded DER signing certificate for this kid
    return k.keys.find(key => key.kid === misc.kid).x5c[0];
}
var publickey = "-----BEGIN CERTIFICATE-----\n" + await getMSPublicKey(vmisc) + "\n-----END CERTIFICATE-----\n";
var payload = jwt.verify(theToken, publickey, { algorithms: 'RS256' });

copremesis commented 1 year ago

Yeah, in my case, using a different library, it was essentially a copy & paste error with the key.
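
An added example (not code from this thread or from the jsonwebtoken project): a Node.js helper that turns a base64 DER value, such as a JWKS `x5c` entry, into PEM and rejects malformed input with a specific message before OpenSSL reports `bad base64 decode`. `derBase64ToPem` and `demo` are hypothetical names; the demo uses a locally generated RSA key with the `PUBLIC KEY` label as a constructed stand-in for an identity provider's certificate, since Node's built-ins cannot mint a certificate offline.

```javascript
const nodeCrypto = require("crypto");

// Build a PEM block from base64-encoded DER (for x5c entries, label = "CERTIFICATE").
function derBase64ToPem(b64, label) {
  if (typeof b64 !== "string") throw new TypeError("key material must be a string");
  const body = b64
    .replace(/-----(BEGIN|END) [A-Z0-9 ]+-----/g, "") // armor pasted along with the body
    .replace(/\\n/g, "")                              // literal backslash-n, e.g. from env vars
    .replace(/\s+/g, "");                             // real whitespace and line breaks
  if (body.length === 0) throw new Error("empty key material");
  if (/[-_]/.test(body)) {
    throw new Error("base64url characters found; PEM and x5c use standard base64");
  }
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(body) || body.length % 4 !== 0) {
    throw new Error("not valid standard base64 (truncated or corrupted paste?)");
  }
  // Every DER certificate or public key starts with a SEQUENCE tag (0x30).
  if (Buffer.from(body, "base64")[0] !== 0x30) {
    throw new Error("decoded data is not DER");
  }
  const lines = body.match(/.{1,64}/g).join("\n"); // PEM bodies wrap at 64 columns
  return `-----BEGIN ${label}-----\n${lines}\n-----END ${label}-----\n`;
}

// Constructed demo: the key is pasted with stray whitespace, normalized,
// then used to verify an RSA PKCS#1 v1.5 / SHA-256 signature (what RS256 uses).
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
  });
  const spkiB64 = publicKey.export({ type: "spki", format: "der" }).toString("base64");
  const pasted = "  " + spkiB64.slice(0, 40) + "\r\n" + spkiB64.slice(40) + "\n";
  const pem = derBase64ToPem(pasted, "PUBLIC KEY");
  const data = Buffer.from("header.payload"); // constructed signing input
  const sig = nodeCrypto.sign("sha256", data, privateKey);
  return nodeCrypto.verify("sha256", data, nodeCrypto.createPublicKey(pem), sig);
}
```

Passing the returned PEM string to `jwt.verify` in place of the hand-concatenated `publickey` surfaces a bad paste as a readable error at key-loading time.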