symfony / mercure-bundle

The MercureBundle allows to easily push updates to web browsers and other HTTP clients in the Symfony full-stack framework, using the Mercure protocol.
https://symfony.com/doc/current/mercure.html
MIT License

Unauthorized response with default config #53

Closed vgomez-dataworks closed 3 years ago

vgomez-dataworks commented 3 years ago

I installed mercure-bundle in my Symfony with default values, just switched the URL of Mercure to my own.

MERCURE_JWT_SECRET="!ChangeMe!"

And mercure is also running with default config.

SERVER_NAME=:3000 MERCURE_PUBLISHER_JWT_KEY='!ChangeMe!' MERCURE_SUBSCRIBER_JWT_KEY='!ChangeMe!' ./mercure run -config Caddyfile.dev

But I got an Unauthorized response

Then I tested in many ways to get it working and finally I found the problem:

When I copy the Token to decode it, the expiration date appears to be in an incorrect format.

If I remove the quotes, converting the string into decimal value, the expiration date appears to be correct.

Finally I tested with both tokens, first the token generated by Symfony and then the one with the decimal expiration date.

Mercure: 0.10.4 (Darwin) Symfony: 5.2 Symfony mercure-bundle: 0.3.2

I don't know if it is a mistake made by me or a real bug; I hope someone can help me.

Thanks

chalasr commented 3 years ago

Thanks for the detailed analysis and report. Upgrading Mercure to v0.11.2 is likely to fix it, see https://github.com/dunglas/mercure/releases/tag/v0.11.2

vgomez-dataworks commented 3 years ago

Sorry I made a mistake reporting the version of Mercure I am using, the problem is with version 0.11.2 Darwin.

vgomez-dataworks commented 3 years ago

I finally found the problem; it is related to an outdated version of the library lcobucci/jwt.

How can I force the download of the correct version of lcobucci/jwt if I don't have lcobucci/jwt in my composer.json?

vgomez-dataworks commented 3 years ago

My problem was fixed with this commit:

https://github.com/lcobucci/jwt/commit/9a961f4541ba13ac27dcebaaa222ad8e342ce14b#diff-0d6f5466b75090a80363ed372e9a41012c30ba4d1eedc2ebc60c5a89716cf681

So I ran composer update "lcobucci/jwt"

And everything is working now

Thanks
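
The symptom diagnosed in this thread (a token whose signature is fine but whose `exp` claim is a quoted string rather than a number) can be checked offline before blaming the hub or the secret. The Python sketch below is an added example, not code from the thread, the bundle or lcobucci/jwt; the helper names and both sample tokens are constructed for illustration, and only the `!ChangeMe!` secret is taken from the report.

```python
import base64, hashlib, hmac, json

NUMERIC_DATE_CLAIMS = ("exp", "nbf", "iat")  # RFC 7519 requires JSON numbers here

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: str) -> str:
    """Build a constructed HS256 token (hypothetical helper for this demo)."""
    header = b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{b64url_encode(mac.digest())}"

def inspect_token(token: str, secret: str) -> dict:
    """Report signature validity and any time claim that is not a JSON number."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    claims = json.loads(b64url_decode(payload_b64))
    bad = {}
    for name in NUMERIC_DATE_CLAIMS:
        if name not in claims:
            continue
        value = claims[name]
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            bad[name] = type(value).__name__
    return {"signature_ok": hmac.compare_digest(expected, b64url_decode(sig_b64)),
            "bad_claims": bad}

SECRET = "!ChangeMe!"                      # default secret quoted in the report
MERCURE = {"mercure": {"publish": ["*"]}}  # constructed publisher claim
QUOTED = sign_hs256({**MERCURE, "exp": "1618900000.123456"}, SECRET)  # string exp
NUMERIC = sign_hs256({**MERCURE, "exp": 1618900000}, SECRET)          # numeric exp

if __name__ == "__main__":
    for label, tok in (("quoted exp", QUOTED), ("numeric exp", NUMERIC)):
        print(label, inspect_token(tok, SECRET))
```

Both constructed tokens carry a valid signature, so a check of the key alone would pass; only the claim-type check separates the token a strict verifier rejects from the one it accepts.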