Open padenaa opened 1 year ago
gr2m
commented
1 year ago Can you generate a new private key, invalidate the current one, and share the invalid one with us so we can reproduce the problem? I'm using this library extensively in many different apps (as a sub dependency), I have not run into the problem myself yet.
anna-safonov
commented
1 year ago @gr2m the application @padenaa and myself are working on is a GitHub app. The private key is generated by GitHub when the app is created/registered and is the one used to sign requests for access token by the app. This issue is intermittent - we see it for different apps we have, it always happens when integration tests are run in docker before app deployment, and sometimes the issue goes away on re-run of the pipeline. Which seems like the issue is not with the key itself. Hopefully, this provides a bit more context, but if you still need the key for testing, I will provide one.
anna-safonov
commented
1 year ago @gr2m - is there any update on this issue?
wolfy1339
commented
1 year ago I've definitely seen this issue myself while working on the Octokit libraries.
It's been a while, so I can't find a commit/issue quickly.
I believe I had to regenerate the key, and it had a slightly different format, and the error went away
What happened?
I'm doing some development with octokit and probot which bring jsonwebtoken as a dependency. After updating octokit/auth-app to 4.0.8 which supports jsonwebtoken 9.0.1, I'm getting this error:
"secretOrPrivateKey has a minimum key size of 2048 bits for RS256"
The private key used is definitely longer than 2048 bits, so I was not expecting to see this error.
Versions
Node version v16, octokit/auth-app 4.0.8, universal-github-app-jwt 1.1.1, octokit-auth-probot 1.2.8, probot 12.1.1
Relevant log output
Code of Conduct