You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I used the quick start “Ruby On Rails API: Authentication” successfully. Created an API and everything works just fine. Then I tried to recreate the code but including all this on an existing Rails app and got an error.
The demo (working for me before) include this call to the JWT gem:
JWT.decode(token,nil,true,# Verify the signature of this tokenalgorithm: "RS256",iss: "https://" + ENV["AUTH0_DOMAIN"],verify_iss: true,aud: ENV["AUTH0_AUDIENCE"],verify_aud: true)
The second parameter with nil assigned, in the demo works, but in my project leads me to a JWT Error, understanding that the parameter used for public_key shouldn’t be null. But it’s null in the demo and works. (UPDATE: The nil message seems to come from another object reference). I’m kind of a newbie with JWT matters.
json_web_token.rb and secured.rb are identical to the sample. jwt-2.2.1 it's the same gem version used in both environments.
The only difference I found between the environments of the demo and my legacy project was the Rails version, 5 in the demo, and 4.x on mine. I can’t upgrade right now, so if you think in another thing I can be doing wrong it would be helpful.
I'm including here the code for the jwks_hash method, it's the same in both environments. I just added logger lines to the original. You can see the differences in the output for both environments below.
defself.jwks_hashRails.logger.warn'---> hashing'Rails.logger.warn"https://#{Rails.application.secrets.auth0_domain}/.well-known/jwks.json"jwks_raw=Net::HTTP.getURI("https://#{Rails.application.secrets.auth0_domain}/.well-known/jwks.json")Rails.logger.warnjwks_rawjwks_keys=Array(JSON.parse(jwks_raw)['keys'])Rails.logger.warn'---> jwks_keys'Rails.logger.warnjwks_keys# Check output of this below 👇Hash[jwks_keys.mapdo |k|
[k['kid'],OpenSSL::X509::Certificate.new(Base64.decode64(k['x5c'].first)).public_key]end]end
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response for our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇♂️
Sorry about the issue, I'm happy to say the problem was just a mismatch with the audience field value. Didn't notice for days because was just the same audience URL but with a backslash added behind 😳. I was specifiying https://my.audience.url/ instead of expected https://my.audience.url 🤦♂️.
I used the quick start “Ruby On Rails API: Authentication” successfully. Created an API and everything works just fine. Then I tried to recreate the code but including all this on an existing Rails app and got an error.
The demo (working for me before) include this call to the JWT gem:
The second parameter with nil assigned, in the demo works, but in my project leads me to a JWT Error, understanding that the parameter used for public_key shouldn’t be null. But it’s null in the demo and works.(UPDATE: The nil message seems to come from another object reference). I’m kind of a newbie with JWT matters.Error message:
json_web_token.rb
andsecured.rb
are identical to the sample.jwt-2.2.1
it's the same gem version used in both environments.The only difference I found between the environments of the demo and my legacy project was the Rails version, 5 in the demo, and 4.x on mine. I can’t upgrade right now, so if you think in another thing I can be doing wrong it would be helpful.
Cross-posted (sorry if it's too much):
The text was updated successfully, but these errors were encountered: