Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to use a 'signing key' as used by next-auth #389

Closed
recurser opened this issue Dec 14, 2020 · 1 comment
Closed

How to use a 'signing key' as used by next-auth #389

recurser opened this issue Dec 14, 2020 · 1 comment

Comments

@recurser
Copy link

@recurser recurser commented Dec 14, 2020

I'm trying to use next-auth on the frontend backed by a Rails API. The JWT tokens generated by the frontend use a signingKey (see docs). The key looks like this:

$ jose newkey -s 256 -t oct -a HS512
{"kty":"oct","kid":"kigxq6S4B7X4-wTxbqEJMYLYVid-BjW4SZMMm6wSC3c","alg":"HS512","k":"ghBlGxKq9CcDYDG7XUHmquoBc-mrMXWfpZcPYnMihBQ"}

I can't get the tokens generated by the frontend to verify in Ruby (Signature verification raised), and I'm unsure how to plug this key into ruby-jwt. The tokens seem to verify ok in jwt.io. Any advice as to how I should use this kind of JSON key in addition to (or instead of?) the secret in ruby-jwt?

On the ruby side I'm doing this:

JWT.decode(token, secret, true, { algorithms: ['HS512'] })
@recurser
Copy link
Author

@recurser recurser commented Dec 15, 2020

I've figured this out - the signing key created via jose newkey -s 256 -t oct -a HS512 is using type oct, but the ruby-jwt docs state that it Currently only supports RSA public keys.

To use ruby-jwt with next-auth:

  1. Creating an rsa signing key (jose newkey -t rsa)
  2. Add the signingKey as a JSON string in next-auth config (see docs).
  3. Decode in ruby via:
    jwks = { keys: [<INCLUDE SIGNING KEY HERE AS A RUBY HASH, NOT A JSON STRING>] }
    JWT.decode(token, secret, true, { algorithms: ['PS256'], jwks: jwks }) 
    
@recurser recurser closed this Dec 15, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant