Correct RS256 keypair keeps throwing: secretOrPrivateKey must be a symmetric key when using HS256 #212

Open
roelvanhintum opened this issue Dec 7, 2023 · 0 comments
roelvanhintum commented Dec 7, 2023

Describe the bug
While using a correct keypair (according to https://jwt.io/ set to RS256) I keep getting the following error:
secretOrPrivateKey must be a symmetric key when using HS256

Generated the keys with the following commands:

openssl genrsa -out jwtRSA256-private.pem 2048
openssl rsa -in jwtRSA256-private.pem -pubout -outform PEM -out jwtRSA256-public.pem

Expected behavior
Normal login using saLTIre.

Provider logs

2023-12-07T15:14:57.393Z provider:main Receiving request at path: /lti/login
2023-12-07T15:14:57.393Z provider:main Receiving a login request from: https://saltire.lti.app/platform, clientId: saltire.lti.app
2023-12-07T15:14:57.396Z provider:main Redirecting to platform authentication endpoint
2023-12-07T15:14:57.396Z provider:main Target Link URI:  https://myurl.example/lti
2023-12-07T15:14:57.397Z provider:main Login request: 
2023-12-07T15:14:57.399Z provider:main {
  response_type: 'id_token',
  response_mode: 'form_post',
  id_token_signed_response_alg: 'RS256',
  scope: 'openid',
  client_id: 'saltire.lti.app',
  redirect_uri: 'https://myurl.example/lti',
  login_hint: '29123',
  nonce: 'dhbtgbyhs1s2h2fjm5vwn8ftf',
  prompt: 'none',
  state: 'e58b660afb9f0b4ef75aece82f50491e6fd6c14a8df083cdd1',
  lti_message_hint: 'My LTI message hint!',
  lti_deployment_id: 'cLWwj9cbmkSrCNsckEFBmA'
}
2023-12-07T15:14:57.842Z provider:main Receiving request at path: /lti/
2023-12-07T15:14:57.842Z provider:main Path does not match reserved endpoints
2023-12-07T15:14:57.842Z provider:main Cookies received: 
2023-12-07T15:14:57.842Z provider:main [Object: null prototype] {
  statee58b660afb9f0b4ef75aece82f50491e6fd6c14a8df083cdd1: 'https://saltire.lti.app/platform'
}
2023-12-07T15:14:57.842Z provider:main Received idtoken for validation
2023-12-07T15:14:57.842Z provider:auth Response state: e58b660afb9f0b4ef75aece82f50491e6fd6c14a8df083cdd1
2023-12-07T15:14:57.846Z provider:auth Attempting to validate iss claim
2023-12-07T15:14:57.846Z provider:auth Request Iss claim: https://saltire.lti.app/platform
2023-12-07T15:14:57.846Z provider:auth Response Iss claim: https://saltire.lti.app/platform
2023-12-07T15:14:57.846Z provider:auth Attempting to retrieve registered platform
2023-12-07T15:14:57.857Z provider:auth Retrieving key from jwk_set
2023-12-07T15:14:58.248Z provider:auth Converting JWK key to PEM key
2023-12-07T15:14:58.250Z provider:auth Attempting to verify JWT with the given key
2023-12-07T15:14:58.254Z provider:auth Token signature verified
2023-12-07T15:14:58.255Z provider:auth Initiating OIDC aditional validation steps
2023-12-07T15:14:58.255Z provider:auth Validating if aud (Audience) claim matches the value of the tool's clientId given by the platform
2023-12-07T15:14:58.255Z provider:auth Aud claim: saltire.lti.app
2023-12-07T15:14:58.255Z provider:auth Checking alg claim. Alg: RS256
2023-12-07T15:14:58.255Z provider:auth Max age parameter:  10
2023-12-07T15:14:58.255Z provider:auth Checking iat claim to prevent old tokens from being passed.
2023-12-07T15:14:58.255Z provider:auth Iat claim: 1701962097
2023-12-07T15:14:58.255Z provider:auth Exp claim: 1701962157
2023-12-07T15:14:58.255Z provider:auth Current_time: 1701962098.255
2023-12-07T15:14:58.255Z provider:auth Time passed: 1.255000114440918
2023-12-07T15:14:58.255Z provider:auth Validating nonce
2023-12-07T15:14:58.255Z provider:auth Nonce: dhbtgbyhs1s2h2fjm5vwn8ftf
2023-12-07T15:14:58.256Z provider:auth Tool's clientId: saltire.lti.app
2023-12-07T15:14:58.256Z provider:auth More than one aud listed, searching for azp claim
2023-12-07T15:14:58.260Z provider:auth Storing nonce
2023-12-07T15:14:58.272Z provider:auth Initiating LTI 1.3 core claims validation
2023-12-07T15:14:58.272Z provider:auth Checking Message type claim
2023-12-07T15:14:58.272Z provider:auth Checking Target Link Uri claim
2023-12-07T15:14:58.272Z provider:auth Checking Resource Link Id claim
2023-12-07T15:14:58.272Z provider:auth Checking LTI Version claim
2023-12-07T15:14:58.272Z provider:auth Checking Deployment Id claim
2023-12-07T15:14:58.272Z provider:auth Checking Sub claim
2023-12-07T15:14:58.272Z provider:auth Checking Roles claim
2023-12-07T15:14:58.274Z provider:auth Successfully validated token!
2023-12-07T15:14:58.289Z provider:main Generating ltik
2023-12-07T15:14:58.290Z provider:main Deleting state cookie and Database entry
2023-12-07T15:14:58.293Z provider:auth Error: secretOrPrivateKey must be a symmetric key when using HS256
    at module.exports [as sign] (/usr/src/app/node_modules/jsonwebtoken/sign.js:127:20)
    at sessionValidator (/usr/src/app/node_modules/ltijs/dist/Provider/Provider.js:425:33)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-12-07T15:14:58.293Z provider:main Passing request to invalid token handler

Ltijs version

  • Version 5.9.3

NodeJS version

  • v21.1.0

Platform used

@roelvanhintum roelvanhintum added the bug Something isn't working label Dec 7, 2023
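
The log above shows the RS256 id_token passing verification and the error being raised afterwards, inside a JWT `sign` call that uses HS256. As an added example (not part of the original issue, and not ltijs or jsonwebtoken code), the following Node.js code uses only `node:crypto` to show the key-type rule behind that message: HS256 is an HMAC and needs a symmetric secret, while RS256 needs an RSA private key. The helper names (`toKeyObject`, `signCompact`, `outcome`) and the sample keys are constructed for illustration.

```javascript
// Added example: not ltijs or jsonwebtoken source. Uses only node:crypto.
const crypto = require('node:crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');

// PEM private key -> 'private' KeyObject; other bytes -> 'secret' (HMAC) key.
function toKeyObject(material) {
  try {
    return crypto.createPrivateKey(material);
  } catch (_) {
    // Refuse PEM text (e.g. a public key) as an HMAC secret.
    if (String(material).includes('-----BEGIN ')) {
      throw new Error('PEM text is not usable as an HMAC secret');
    }
    return crypto.createSecretKey(Buffer.from(material));
  }
}

// Key type each algorithm needs (only the two that appear in the log above).
const NEEDS = { HS256: 'secret', RS256: 'private' };

// Build a compact JWS, refusing a key whose type does not fit the algorithm.
function signCompact(alg, material, payload) {
  if (!NEEDS[alg]) throw new Error(`unsupported alg: ${alg}`);
  const key = toKeyObject(material);
  if (key.type !== NEEDS[alg]) {
    throw new Error(`${alg} needs a ${NEEDS[alg]} key, got a ${key.type} key`);
  }
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(input).digest()
    : crypto.sign('sha256', Buffer.from(input), key);
  return `${input}.${sig.toString('base64url')}`;
}

// Constructed sample keys (not the reporter's): RSA pair and a random secret.
const samplePair = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  publicKeyEncoding: { type: 'spki', format: 'pem' },
});
const sampleSecret = crypto.randomBytes(32).toString('hex');

function outcome(alg, material) {
  try { signCompact(alg, material, { sub: 'demo' }); return 'signed'; }
  catch (e) { return e.message; }
}

console.log('RS256 + RSA PEM:', outcome('RS256', samplePair.privateKey));
console.log('HS256 + RSA PEM:', outcome('HS256', samplePair.privateKey));
console.log('HS256 + secret :', outcome('HS256', sampleSecret));
```

An RSA PEM parses as an asymmetric private key, so it fits RS256 and is rejected for HS256; a random string fits HS256 only.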