Closed jandillmann closed 8 years ago
Are you stopping and starting the server?
I ask this because each time Openmaize is started, it generates a new secret key (which is then rotated after a certain amount of days - the default being 28 days). This means the check_sign is using the wrong secret key, and so it fails.
I have been looking into writing the secret keys to disk, which could solve this problem, but I want to make sure that I'm doing so safely.
I saw that in the source code, but no, I didn't restart the server between requests.
Could you add the following lines to the check_sign function (just before the if statement) in deps/openmaize/lib/openmaize/jwt/verify.ex, and then run mix deps.compile openmaize:
sign |> IO.inspect |> urldec64 |> IO.inspect
get_mac(enc_header <> "." <> enc_payload, alg, kid) |> IO.inspect
Then let me know the output when it fails.
Sorry, after I was stuck I threw it all out and did it again from the beginning. Now I can't get it to "not work" again… Probably was something in my code. But thanks for your help!
Glad to hear you got it fixed :) If you have any further issues, just let me know.
I'm trying to use Openmaize 0.17 for building an Elixir API, and got my session controller set up with
plug Openmaize.Login, [storage: nil, unique_id: :email] when action in [:create]
This correctly returns an access_token when logging in with a valid email and password.
If I try to use this token for subsequent requests to routes piped through
plug Openmaize.Authenticate
in an Authorization-Header formatted Bearer <token>, I get a 401 Unauthorized, and further research shows that Openmaize.JWT.Verify.check_sign fails.
Creating and verifying a token in iex -S mix works perfectly. Is there something else to configure when using Openmaize.Login to create a token?
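The failure mode described in this thread (a signing key generated at server start, so a token issued before a restart or rotation no longer verifies), as an added example that is not Openmaize's code and not written by anyone in the thread. The module `KeyStoreDemo`, the HS512 algorithm, the `kid` values and the sample payload are all assumptions made for the illustration.

```elixir
defmodule KeyStoreDemo do
  # Hypothetical stand-in for a server-side key store (not an Openmaize module).
  # start/1 mimics a boot that generates a fresh random signing key in memory.
  def start(kid), do: %{kid => :crypto.strong_rand_bytes(64)}

  # Build header.payload.signature with an HMAC-SHA512 signature (assumed alg).
  def sign(keys, kid, payload) do
    header = enc(~s({"alg":"HS512","kid":"#{kid}","typ":"JWT"}))
    body = enc(payload)
    header <> "." <> body <> "." <> enc(mac(header <> "." <> body, Map.fetch!(keys, kid)))
  end

  # The verifier always uses HMAC-SHA512; the header only selects the key by kid.
  # The regex is a demo shortcut standing in for a real JSON parser.
  def verify(keys, token) do
    with [header, body, sig] <- String.split(token, "."),
         {:ok, header_json} <- Base.url_decode64(header, padding: false),
         [_, kid] <- Regex.run(~r/"kid":"([^"]+)"/, header_json),
         {:ok, key} <- Map.fetch(keys, kid),
         {:ok, given} <- Base.url_decode64(sig, padding: false),
         true <- equal?(given, mac(header <> "." <> body, key)) do
      :ok
    else
      :error -> {:error, :bad_encoding_or_unknown_kid}
      false -> {:error, :bad_signature}
      _ -> {:error, :malformed}
    end
  end

  defp enc(bin), do: Base.url_encode64(bin, padding: false)
  defp mac(data, key), do: :crypto.mac(:hmac, :sha512, key, data)

  # Compare MACs without returning early at the first differing byte.
  defp equal?(a, b) when byte_size(a) == byte_size(b) do
    a |> :binary.bin_to_list() |> Enum.zip(:binary.bin_to_list(b))
    |> Enum.reduce(0, fn {x, y}, acc -> Bitwise.bor(acc, Bitwise.bxor(x, y)) end) == 0
  end
  defp equal?(_, _), do: false
end

# Constructed scenario: one token checked against three key stores.
boot1 = KeyStoreDemo.start("k1")
token = KeyStoreDemo.sign(boot1, "k1", ~s({"email":"user@example.com"}))
IO.inspect(KeyStoreDemo.verify(boot1, token), label: "same boot")
boot2 = KeyStoreDemo.start("k1") # simulated restart: same kid, new random key
IO.inspect(KeyStoreDemo.verify(boot2, token), label: "after restart")
IO.inspect(KeyStoreDemo.verify(KeyStoreDemo.start("k2"), token), label: "after rotation")
```

Logging which of the two error reasons occurred, without logging the key or the computed MAC, is usually enough to tell a key mismatch after a restart apart from a tampered token.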