Closed ecthiender closed 5 years ago
Hi @ecthiender, thanks for reporting.
The message is indeed cryptic. I will need to investigate why such a poor error is returned.
But the input is invalid: g5ZleTFZSqkxwQSbQ8eQFqfoxOE%3D
is not a valid base64url value. Specifically, %3D
is percent-encoded =
. It should be stripped from the value.
I'll leave this open for now as a reminder to investigate why the error message sucks so bad :)
@frasertweedale ok that was me trying to be smart and followed some online blog (https://redthunder.blog/2017/06/08/jwts-jwks-kids-x5ts-oh-my/). The original x5t
indeed did not have the %3D
encoding. It was just g5ZleTFZSqkxwQSbQ8eQFqfoxOE
. Even then I get the exact same error.
This has been an issue for a software that I write. You can find more details in the issue here: https://github.com/hasura/graphql-engine/issues/983#issuecomment-437957258
Let me know how else can I help and/or provide more details.
@ecthiender ok, it's a bug that has already been fixed (https://github.com/frasertweedale/hs-jose/commit/32c3efdba2b3520a8052ba2fe07ab04c073b8ec9) but the fix hasn't made its way into a release yet. I'm planning to release v0.8 next week.
Thanks for your time and the fix. Eagerly waiting for the release (as this affects our users). :)
Released v0.8.0.0. Closing this ticket now.
Setup
I have a JWT [1], which has a
x5t
parameter in the header. Which is base64url-encoded. According to https://tools.ietf.org/html/rfc7515#section-4.1.7The value of the
x5t
parameter isg5ZleTFZSqkxwQSbQ8eQFqfoxOE%3D
.Problem
When I call the
decodeCompact
function on the JWT, I get the following error:JWSError (CompactDecodeError "expected NonEmpty a, encountered String")
If I remove the
x5t
parameter, it works fine.I'm unable to detect/debug what the exact issue is. Any help would be appreciated :)
Other details
[1] (the JWT) :
The public key part of the signing key is:
Using version:
0.7.0.0