search

twilio / twilio-java

A Java library for communicating with the Twilio REST API and generating TwiML.
MIT License
482 stars 421 forks source link

Latest Twilio library causes Java JWT to throw error when signing JWT #745

Closed Zander1983 closed 1 year ago

Zander1983 commented 1 year ago

Issue Summary

A summary of the issue and the environment in which it occurs. If suitable, include the steps required to reproduce the bug. Please feel free to include screenshots, screencasts, or code examples.

I recently upgraded in my gradle project from Twilio 7.41.1 to to 9.6.0

compile group: 'com.twilio.sdk', name: 'twilio', version: '7.41.1'

This caused a seriously problem with the Java JWT library, which now throws the error:

The signing key's algorithm 'HS512' does not equal a valid HmacSHA* algorithm name and cannot be used with HS512.

Steps to Reproduce

  1. Add the Java JWT lib to your gradle project
  2. Add the latest Twilio library
  3. Try to sign a JWT

Code Snippet

After upgrading Twilio, this code was effected:

            String secretKeyStr = "my_key";
            SecretKey secretKey = new SecretKeySpec(secretKeyStr.getBytes(Charsets.UTF_8), "HmacSHA512");

            JwtBuilder jwtBuilder = Jwts.builder()
                    .setSubject(userAccessId)
                    .setIssuer("the_issuer")
                    .signWith(HS512, secretKey);

Exception/Log

The signing key's algorithm 'HS512' does not equal a valid HmacSHA* algorithm name and cannot be used with HS512.

Technical details:

charan678 commented 1 year ago

We didn't made any changes from 8.X to 9.X which would have made this impact. I can see you are still on 7.X version. Can you please update to 8.36 and check are you facing this issue.

sbansla commented 1 year ago

No update, closing the issue.