wrong tag - RS256

[dkatona]

Hi,

I have the following JWT token (generated from keycloak ):

eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5ZTVlYTkxYS05ZDk0LTQ2M2YtYjVlMi00Y2U0YWRjMzM2MzYiLCJleHAiOjE0NTgyOTQ0NzcsIm5iZiI6MCwiaWF0IjoxNDU4Mjk0MTc3LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvVGVzdCIsImF1ZCI6IlRlc3RDbGllbnQiLCJzdWIiOiIzYzFmMjBkOS1kNDgxLTQzN2QtOWZlOC03YzU0YzZhNDY1ZTYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJUZXN0Q2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6IjlkZTJlNDYyLThmMGUtNGU3Yi05MmM2LTEzMzc5MDQ4OGM2NiIsImNsaWVudF9zZXNzaW9uIjoiNTI3MDkyODMtYzNmNy00ZGQxLWExMjYtOGRmNjBmNDRhNWU5IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19LCJuYW1lIjoiIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdCJ9.fujEnidGKs1F2RRG-MGKP-aQDa8DqzR3nQDpt-TQDQ1rBbj4xdI2UDFL1tgMNj-V--xf_bKujf0ROM5VUd-AOdR0n5dnmO8pgm02P-0Pc5Ycat2ADJoL3TlJJSE2SkZNPQ-MS3DN2d_bnJak3If3OwlzXH7puOVgxGnjNnWWTm_nZXi2Y1gdUOdMOzbUDR--e2-hDPwZG5PS4xUX_XbMMVhPAwYqsEfpPdYVXgcoF7czjWPFPqtaEXy0BvJashdsy-Tv56wusKrt38tWP5MA6qWxtXNP4Cho-RGdAI6jDgmsJKE-jDSME7vVy-5i6w1NI_hr_4zakOLzySfcsFgYRg

Public key:

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNMMislfx2MqXNLP5rFOZ5/K54qpI2JitGBoosOuxBGnNS8nbsqDW7VoXEDooR3KrZoJQurxKuvFQ/RnEWpNNd6wZnussIbmQzYKOBhzpu3ksOena7enfxAVTfc5WiuU1+NwP9AEbJJWSPskMkEINluk+aCL5y8d27q3Rooo9bvtcrR4f7RxvHnv1mzaXGP2b7W7AO2qMoiizmZWWKTxeea2RmGniNFHbI2i0SVTQWdW3KKo+iX98SC0HCw8KnFI6wbwABDnel7xLz+LRinw9+Jr9gQdAPFZIY1tKyKiqzGkCnz3N3DPdE3dHON8Mnsh1Lwv9FQurYdwB0vvfH5ZhQIDAQAB

Unfortunately when verifying the token with lua.jwt:
local jwt_obj = jwt:verify(cert, jwt_token)
The token is not verified and the reason is "Wrong tag" which I wasn't able to decipher what it means.

{"payload":{"nbf":0,"azp":"TestClient","client_session":"52709283-c3f7-4dd1-a126-8df60f44a5e9","iat":1458294177,"iss":"http://localhost:8080/auth/realms/Test","aud":"TestClient","preferred_username":"test","name":"","session_state":"9de2e462-8f0e-4e7b-92c6-133790488c66","sub":"3c1f20d9-d481-437d-9fe8-7c54c6a465e6","exp":1458294477,"resource_access":{"account":{"roles":["manage-account","view-profile"]}},"jti":"9e5ea91a-9d94-463f-b5e2-4ce4adc33636","allowed-origins":{},"typ":"Bearer"},"reason":"wrong tag","raw_header":"eyJhbGciOiJSUzI1NiJ9","valid":true,"header":{"alg":"RS256"},"signature":"fujEnidGKs1F2RRG-MGKP-aQDa8DqzR3nQDpt-TQDQ1rBbj4xdI2UDFL1tgMNj-V--xf_bKujf0ROM5VUd-AOdR0n5dnmO8pgm02P-0Pc5Ycat2ADJoL3TlJJSE2SkZNPQ-MS3DN2d_bnJak3If3OwlzXH7puOVgxGnjNnWWTm_nZXi2Y1gdUOdMOzbUDR--e2-hDPwZG5PS4xUX_XbMMVhPAwYqsEfpPdYVXgcoF7czjWPFPqtaEXy0BvJashdsy-Tv56wusKrt38tWP5MA6qWxtXNP4Cho-RGdAI6jDgmsJKE-jDSME7vVy-5i6w1NI_hr_4zakOLzySfcsFgYRg","verified":false,"raw_payload":"eyJqdGkiOiI5ZTVlYTkxYS05ZDk0LTQ2M2YtYjVlMi00Y2U0YWRjMzM2MzYiLCJleHAiOjE0NTgyOTQ0NzcsIm5iZiI6MCwiaWF0IjoxNDU4Mjk0MTc3LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvVGVzdCIsImF1ZCI6IlRlc3RDbGllbnQiLCJzdWIiOiIzYzFmMjBkOS1kNDgxLTQzN2QtOWZlOC03YzU0YzZhNDY1ZTYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJUZXN0Q2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6IjlkZTJlNDYyLThmMGUtNGU3Yi05MmM2LTEzMzc5MDQ4OGM2NiIsImNsaWVudF9zZXNzaW9uIjoiNTI3MDkyODMtYzNmNy00ZGQxLWExMjYtOGRmNjBmNDRhNWU5IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19LCJuYW1lIjoiIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdCJ9"}

The same token and public key pass verification in java libraries.

[dkatona]

I found out that certificate needs to be supplied (and properly formatted - I was supplying it originally on one line and got base64 bad decode). So I changed the public key to certificate, formatted it properly and it seems to work, so I am closing this issue, sorry for opening it :)

[choubacha]

@dkatona What were the changes to the format that you needed to make? I'm getting the bad decode error but I think i have the correct format.