Closed johnswarbrick closed 10 months ago
Update - the error seems to be:
NotSupportedError: Unrecognized key import format \"spki\"."
I've tried lots of other JWT validation libraries, but none of them run on Cloudflare Workers due to missing crypto library dependencies. Hoping there is a solution with cloudflare-worker-jwt
Hey @johnswarbrick,
thanks for bringing this to my attention and providing data to test with, really appreciated.
Will take a look and let you know once I've implemented a fix :)
Hey @johnswarbrick,
The WebCrypto API doesn't currently support importing X.509 keys, supporting this would require a bit more work, and since I want to keep this library lightweight, I don't really want to ship all of that code just to support this scenario. I hope you can understand :)
If you're looking for a heavier, but more feature-full implementation of JWT, check out panva/jose
Thanks @tsndr, that's a shame as I like your very lightweight library, but I completely understand your decision! Really appreciate you looking into this so quickly.
If you really want to keep using this library you could Parse the X509 certificate on your end and just pass the resulting public key to jwt.verify()
.
Hi -
Using
@tsndr/cloudflare-worker-jwt@2.2.7
I always getfalse
when trying to verify a Google-issued JWT with a certificate.This is basically the same issue as https://github.com/tsndr/cloudflare-worker-jwt/issues/28 logged by @zombobot1
I'm using JWTs and certificates issued by Google firebase. The certificates are provided here:
https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com
I'm extracting the kid from the JWT and using that to match with the specific certificate that should be used to validate the JWT.
I tried using the raw certificate as supplied by Google, tried removing the
-----BEGIN CERTIFICATE-----
prefix/suffix and tried removing line feeds but it always verifies as false.Rather than supplying my own JWT/certificate I've re-used those from the previously raised ticket.
Would really appreciate some help with this one!