dwyl / hapi-auth-jwt2

:lock: Secure Hapi.js authentication plugin using JSON Web Tokens (JWT) in Headers, URL or Cookies
ISC License

Invalid token when running in a docker container. #345

Closed lucaslacerdacl closed 4 years ago

lucaslacerdacl commented 4 years ago

Hi everyone, how are you guys doing?

In the past couple of days I've been developing my API using hapi-auth-jwt2 and it was wonderful. However, when I create the Docker container and run my server, I cannot verify the user token.

I'm using the RS256 algorithm and this is part of my code:

// Signing side: issue the token with the private key
const token = Jwt.sign(payload, privateKey, {
  expiresIn: jwtExpiration,
  algorithm: jwtAlgorithm,
  issuer: jwtIssuer,
});

return token;

// Verification side: check the token from the Authorization header
const decoded = Jwt.verify(request.headers.authorization, jwtConfig.publicKey, {
  issuer: jwtConfig.issuer,
});

if (!decoded.id) {
  throw Boom.unauthorized('Unauthorized.');
}

const user = await findUser(server, decoded.id);

The private and the public key were generated inside the container with the following commands:

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout > public.pem

The error I get is this one:

Debug: auth, unauthenticated, error, jwt 
    Error: Invalid token
    at Object.raiseError (/app/node_modules/hapi-auth-jwt2/lib/index.js:289:45)
    at Object.internals.authenticate (/app/node_modules/hapi-auth-jwt2/lib/index.js:163:26)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:189:7)

I also inserted a console log inside the hapi-auth-jwt2 module and got this error:

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    at Verify.verify (crypto.js:381:23)
    at Object.verify (/app/node_modules/jwa/index.js:164:21)
    at Object.jwsVerify [as verify] (/app/node_modules/jws/lib/verify-stream.js:54:15)
    at /app/node_modules/jsonwebtoken/verify.js:127:19
    at getSecret (/app/node_modules/jsonwebtoken/verify.js:90:14)
    at Object.module.exports [as verify] (/app/node_modules/jsonwebtoken/verify.js:94:10)
    at Object.internals.verifyJwt (/app/node_modules/hapi-auth-jwt2/lib/index.js:77:18)
    at Object.internals.authenticate (/app/node_modules/hapi-auth-jwt2/lib/index.js:150:34)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:189:7)

I would like to point out that on localhost it works perfectly; the only problem is in the Docker container.

Thanks!

nelsonic commented 4 years ago

@lucaslacerdacl thanks for opening this issue and confirming that the App works for you on localhost. Without access to the Dockerfile and more of your code we do not have enough to help debug this. Can you please confirm that jwtConfig.publicKey is defined?

lucaslacerdacl commented 4 years ago

@nelsonic I guess I've figured out what's happening.

I was printing my private and public keys after reading them from a file and it was all fine. However, when I printed the key inside the hapi-auth-jwt2 module, I discovered that only my private key was present.

In the key prop I added the public and private keys (previously it was only the private key):

server.auth.strategy('jwt', 'jwt', {
    key: [jwtConfig.privateKey, jwtConfig.publicKey],
   ...

And it works!

My conclusion was that the module was trying to decode my token with the private key.

I also removed the code:

Jwt.verify(request.headers.authorization, jwtConfig.publicKey, {
  issuer: jwtConfig.issuer,
});

Because the module has already verified the integrity of the token.

Is my conclusion correct, good sir?

nelsonic commented 4 years ago

@lucaslacerdacl yeah, that makes sense. Provided your JS code is reading the keys correctly from the Docker environment and you can successfully make an API request to the App running inside Docker you're sorted. 👍