"No verification key available" because `decoding_secret` is nil

lauramosher commented 2 years ago

Please, for a bug report fill in the following template. Before that, make sure to read the whole README.

Feature requests and questions about warden-jwt_auth are also accepted.

Expected behavior

decoding_secret to correctly default to secret on configuration per the README stating that decoding_secret only need to be set if using an asymmetric algorithm; and devise jwt / token decoding works as expected

Actual behavior

decoding_secret is nil; devise jwt / token decoding does not work and returns "No verification key available"

Steps to Reproduce the Problem

Sign in and get JWT token from dispatch
Use token on authenticated route OR run Warden::JWTAuth::TokenDecoder.new.call(<TOKEN>)
Note: "No verification key available" OR JWT::DecodeError (No verification key available) is returned

Debugging information

Provide following information. Please, format pasted output as code. Feel free to remove the secret key value.

Version of warden-jwt_auth in use 0.7.0

Output of Warden::JWTAuth.config

{
:secret=>"SECRET",
:decoding_secret=>nil,
:algorithm=>"HS256",
:expiration_time=>86400,
:aud_header=>"JWT_AUD",
:mappings=>{:user=>User (call 'User.connection' to establish a connection)},
:dispatch_requests=>[["POST", /^\/auth\/sign_in$/]],
:revocation_requests=>[["DELETE", /^\/auth\/sign_out$/]],
:revocation_strategies=>{:user=>User (call 'User.connection' to establish a connection)}
}

Not, requested, but Output of Devise::JWT.config (0.9.0)

{
:secret=>"SECRET",
:expiration_time=>86400,
:dispatch_requests=>[["POST", /^\/auth\/sign_in$/]],
:revocation_requests=>[["DELETE", /^\/auth\/sign_out$/]],
:aud_header=>"JWT_AUD",
:request_formats=>{}
}

If your issue is related with not getting a JWT from the server:
- Involved request path, method and request headers
- Response headers for that request
If your issue is related with not being able to revoke a JWT:
- Involved request path, method and request headers

waiting-for-dev commented 2 years ago

That's unfortunate. I'll work on it as soon as possible. Feel free to submit a fix.

lauramosher commented 2 years ago

@waiting-for-dev After further testing, this actually looks like an issue with devise-jwt and how it yields configuration to this gem.

I'll close this one out and open it on the proper repo!

waiting-for-dev / warden-jwt_auth