Getting Invalid Signature while validaing Facebook Limited Login's JWT

[Jay21022001]

Checklist before submitting a bug report

• [X] I've updated to the latest released version of the SDK
• [X] I've searched for existing GitHub issues
• [X] I've looked for existing answers on Stack Overflow, the Facebook Developer Community Forum and the Facebook Developers Group
• [X] I've read the Code of Conduct
• [x] This issue is not security related and can safely be disclosed publicly on GitHub

Xcode version

1.1.1

Facebook iOS SDK version

17.0.1

Dependency Manager

Other / I don't know

SDK Framework

Login

Goals

While Verifying Facebook Limited Login JWT, The Signature should be verified, But It throws "invalid signature" Error

Expected results

The Signature should be verified successfully

Actual results

It throws an "Invalid Signature" Error

Error: invalid signature

Steps to reproduce

1. Pass your nonce and get the JWT from the Facebook
2. Call the Facebook's JWKS and get your Public key
3. Verify the signature => It throws an Invalid Signature

Code samples & details

const decoded = jwt.decode(token, { complete: true });
const { kid, alg } = decoded.header;
const key = await this.getPublicKey(kid);
const signingKey = key.getPublicKey();
console.log(signingKey)
return jwt.verify(token, signingKey, {
    algorithms: [alg],
});

static async getPublicKey(kid) {
    const client = jwksClient({
    jwksUri: FACEBOOK_JWKS_URL,
    timeout: API_TIMEOUT
    });
    return client.getSigningKey(kid);
}

[Jay21022001]

Anyone, Please help me with this issue.

[JuanEBrainium]

We are also experiencing this issue

[shkfaiz]

Anyone found the fix

[akrin-0]

Hello, I was looking for a solution to the same problem, what I realized is that there was no problem at the first place. Check this out: https://github.com/facebook/facebook-ios-sdk/issues/2442#issuecomment-2221223725