Error with verifying access token #915

Closed
mutairibassam opened this issue Jun 10, 2023 · 1 comment

mutairibassam commented Jun 10, 2023

Description

jwt.verify() function returns invalid signature although the signature is correct. The code was working 2 days ago with no changes, now it always returns invalid signature.

Token generation is working and it's valid based on https://jwt.io verification but verifying the token is throwing an error.

I debugged the issue and the cause is the condition below (package code, not my code).

try {
  // jws.verify returns false, which makes it throw JsonWebTokenError('invalid signature') in the condition below.
  valid = jws.verify(jwtString, decodedToken.header.alg, secretOrPublicKey);
} catch (e) {
  return done(e);
}

if (!valid) {
  return done(new JsonWebTokenError('invalid signature'));
}

Reproduction

Detail the steps taken to reproduce this error, what was expected, and whether this issue can be reproduced consistently or if it is intermittent.

  1. Create a profile and generate a new token for a specific user using the below function.
function generateAccessToken(user) {
    // user == {username: 'mike'}
    // process.parsed.ACCESS_TOKEN_SECRET == test
    return jwt.sign(user, process.parsed.ACCESS_TOKEN_SECRET, {
        expiresIn: "7d",
    });
}
  2. Verify the generated token.
// process.parsed.ACCESS_TOKEN_SECRET == test
jwt.verify(token, process.parsed.ACCESS_TOKEN_SECRET, async (err, user) => {
    // err == Invalid Signature
    if (err) return res.status(403).send(Response.forbidden({}));

    // check database and compare the tokens
    const dbToken = await getTokenByUsername(user.username);
    // check tokens
    if(token === dbToken) {
        req.user = user;
        return next();
    }
    return res.status(403).send(
        Response.forbidden({})
    ); 
});
  3. You should face an invalid signature error.
  • Log files (redact/remove sensitive information)
    Error: JsonWebTokenError: invalid signature

Environment

Please provide the following:

  • Version of this library used: ^9.0.0
  • Version of the platform or framework used, if applicable:
  • Other relevant versions (language, server software, OS, browser): nodejs (v18.13.0) npm (8.19.3)
  • Other modules/plugins/libraries that might be involved:

mutairibassam (Author) commented

Issue has been fixed. The token was overridden by the parent collection and there is no issue with the package.
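
One way to narrow down an `invalid signature` like the one resolved above, as an added example that is not part of the original issue or of jsonwebtoken: it recomputes the HS256 signature with Node's built-in crypto and reports whether the token the server received is the one that was issued. The helper names (`signHs256`, `diagnose`), the secrets and the sample tokens are assumptions constructed for illustration.

```javascript
// Added diagnostic sketch; not code from jsonwebtoken or from the issue author.
const { createHmac, timingSafeEqual } = require('node:crypto');

// base64url without padding, as used for JWT segments (RFC 7515).
const b64url = (data) => Buffer.from(data).toString('base64url');

// Build an HS256 token so the example runs offline (stands in for jwt.sign).
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Explain why a received token passes or fails HS256 verification.
// `issued` is optional: the token the server originally handed out.
function diagnose(received, secret, issued) {
  const parts = String(received).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm instead of trusting whatever the header claims.
  if (header?.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  const expected = createHmac('sha256', secret)
    .update(`${parts[0]}.${parts[1]}`)
    .digest();
  const actual = Buffer.from(parts[2], 'base64url');
  const sigOk = actual.length === expected.length && timingSafeEqual(actual, expected);
  if (sigOk) return { ok: true, reason: 'valid' };
  // Mismatch: either the secret differs, or this is not the token that was issued
  // (for example, a stale value substituted by client tooling before the request).
  const replaced = issued !== undefined && received !== issued;
  return { ok: false, reason: replaced ? 'received token differs from issued token' : 'secret mismatch' };
}

// Constructed sample data.
const issued = signHs256({ username: 'mike' }, 'test');
const stale = signHs256({ username: 'mike' }, 'old-secret');
console.log(diagnose(issued, 'test', issued)); // valid
console.log(diagnose(stale, 'test', issued));  // received token differs from issued token
console.log(diagnose(issued, 'tset', issued)); // secret mismatch
```

When comparing tokens during debugging, log a hash or the last few characters of each token rather than the full value.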
