ArgumentError in `verify': wrong number of arguments (given 3, expected 1)

[yazinsai]

I'm using the sample code shown in the README for RS256:

rsa_private = OpenSSL::PKey::RSA.generate 2048
rsa_public = rsa_private.public_key

token = JWT.encode payload, rsa_private, 'RS256'

decoded_token = JWT.decode token, rsa_public, true, { algorithm: 'RS256' }

Instead of getting a decoded_token hash, I get this error message:

Traceback (most recent call last):
    8: from main.rb:25:in `<main>'
    7: from main.rb:7:in `verify'
    6: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt.rb:28:in `decode'
    5: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/decode.rb:26:in `decode_segments'
    4: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/decode.rb:42:in `verify_signature'
    3: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/signature.rb:31:in `verify'
    2: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/algos/rsa.rb:15:in `verify'
    1: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/security_utils.rb:20:in `verify_rsa'
/home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/security_utils.rb:20:in `verify': wrong number of arguments (given 3, expected 1) (ArgumentError)
exit status 1

This seems to be because OpenSSL::X509::Certificate.verify expects a single argument but is receiving 3:

# jwt-2.2.3/lib/jwt/security_utils.rb:20
def verify_rsa(algorithm, public_key, signing_input, signature)
  public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input) # 👈  3 arguments passed
end

[thomasdarde]

Any update on this ? Seeing the same issue (with ruby 3)

[yazinsai]

None, still waiting for feedback on this.

[thomasdarde]

Thanks for the feedback.
I did try this code and it seems to work with latest jwt version without issue 2.2.3. (FYI my payload was : payload= {a: "b"})

But I did get a very similar issue trying to decode an azure jwt token.

public_key was of type OpenSSL::X509::Certificate instead of OpenSSL::PKey::RSA on a OpenSSL::X509::Certificate instance you can call public_key and get a OpenSSL::PKey::RSA (but now I receive an invalid signature message from jwt...)

[anakinj]

For sure if a OpenSSL::X509::Certificate object is given as the public_key there will be some errors. Apparently the OpenSSL::X509::Certificate#verify method is to verify the signature of the certificate.

Then why the verification is failing if the certificates public key is given is pretty hard to figure out without more info or some example.

[anakinj]

Going to close this one as a stale issue. Suspect mixing PKey instances and certificate instances here.