The auth service module has recently added code that means a user must have a signed JWT. The problem is that the user auth service always passes in the key 'notused' when trying to verify a signed token. Please see the code below, from line 178 of the module:
    if jwt.decode == nil then
        data, msg = jwt.verify(session.auth_token, "HS256", "notused");
    else
The key should be taken from the prosody cfg file or an environment variable.
The current workaround is to sign the JWT with notused.
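The requested behaviour, sketched as an added example that is not part of the original report or the module's code: the HS256 key is read from configuration first, then from the environment, and verification fails closed when no usable key is set. It is written in Python rather than the module's Lua so it runs with the standard library alone; the option name `jwt_secret`, the variable `JWT_SECRET` and all function names are assumptions, not Prosody settings.

```python
import base64, hashlib, hmac, json, os

# Values that must never be accepted as a signing key (assumed list).
PLACEHOLDER_KEYS = {"", "notused"}

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def load_jwt_key(config: dict, env=os.environ) -> bytes:
    """Config value wins, then the environment; refuse to start otherwise."""
    key = config.get("jwt_secret") or env.get("JWT_SECRET") or ""
    if key in PLACEHOLDER_KEYS:
        raise RuntimeError("no usable JWT signing key configured")
    return key.encode()

def sign_hs256(claims: dict, key: bytes) -> str:
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_hs256(token: str, key: bytes):
    """Return the claims if the HS256 signature matches the key, else None."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signed = f"{header_b64}.{body_b64}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    return json.loads(b64url_decode(body_b64))

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    key = load_jwt_key({"jwt_secret": "constructed-test-secret"}, env={})
    print(verify_hs256(sign_hs256({"sub": "alice"}, key), key))
    print(verify_hs256(sign_hs256({"sub": "alice"}, b"notused"), key))
```

With a configured key, a token signed with the literal `notused` no longer verifies, and a deployment that sets no key at all stops at startup instead of accepting tokens.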
Steps to recreate: