how to verify jwt which signed by java jose4.jwt

cdbattags / lua-resty-jwt

JWT For The Great Openresty

Apache License 2.0

146 stars 44 forks source link

how to verify jwt which signed by java jose4.jwt #47

Closed luguohong closed 3 years ago

luguohong commented 3 years ago

my team had sign a jwt from java jose4.jwt with aeskey，then i need to verify in kong. so i use lua-resty-jwt, but when i use a key to verify, resty-jwt tell me signature mismatch! i thought maybe the key cause the problem. in java the key will be base64url.decode to bytes and set into aeskey, but in resty-jwt, i have no idea how to do it

luguohong commented 3 years ago

the jwt is eyJraWQiOiJBRVMiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJtZWlDbG91ZC5jb20iLCJhdWQiOiIiLCJleHAiOjE2MDU2OTM0NTQsImp0aSI6IlRLVkE1WUxrakhTWjV0Sml0WC1TWnciLCJpYXQiOjE2MDU2ODYyNTQsIm5iZiI6MTYwNTY4NjEzNCwic3ViIjoiYXhxQ1NwaVVXVGRMMjZZUXhwUEF3dXhEIiwidXVpZCI6IjE2MDU2ODYyNDE5NzciLCJzb3VyY2UiOiIifQ.KeB7KzJCpEpwHjxdlqRCqXgjiiok-fnTfE-KFY8BAJ8

luguohong commented 3 years ago

the problem had been sloved. our java team change the key decode. once our java team use base64.decode(secert) to set aeskey(new AesKey(base64.decode(secert))), and then they change to new AesKey(secert.getBytes()), then resty-jwt work.