We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The following token, part of your example code in the README (in both this repository and in the jwt_claims repo as well!), is invalid.
jwt_claims
secure_jwt_example = 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt.cGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk'
Tested with json_web_token gem:
json_web_token
[6] pry(main)> JsonWebToken.verify('eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt.cGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk', key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C') => {:error=>"invalid"}
Shows truncated payload output when tested in the https://jwt.io/ debugger and signature does not verify there.
The text was updated successfully, but these errors were encountered:
Insecure token example in README also seems broken:
unsecured_jwt_example = 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt.'
[9] pry(main)> unsecured_jwt_example = 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt.' => "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt." [10] pry(main)> JsonWebToken.verify(unsecured_jwt_example, alg: 'none') RuntimeError: Algorithm not matching 'alg' header parameter from /usr/local/var/rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/json_web_token-0.3.1/lib/json_web_token/jws.rb:80:in `validate_alg_match' [11] pry(main)>
Sorry, something went wrong.
I submitted a pull request with the fix in the jwt_claims gem for this README issue in that repo.
garyf/jwt_claims@e3357e1
f18ae0f
No branches or pull requests
The following token, part of your example code in the README (in both this repository and in the
jwt_claims
repo as well!), is invalid.Tested with
json_web_token
gem:Shows truncated payload output when tested in the https://jwt.io/ debugger and signature does not verify there.
The text was updated successfully, but these errors were encountered: