InvalidArgumentException: The algorithm "RS256" is not supported

[neuquen]

Describe the bug
I'm trying to get the "Easy" install set up (using this documentation), but when I run the code I get the following exception:

InvalidArgumentException: The algorithm "RS256" is not supported. in C:\...\web-token\jwt-core\AlgorithmManager.php:65

Here is my test code:

$token = '[valid jwt access token]';
$jwk = new JWK([
  "kty" => "RSA",
  "kid" => "b/O6OvVv1+y+WgrH5Ui9WTioLt0=",
  "use" => "sig",
  "alg" => "RS256",
  "n" => "o1uXz14_oHyRkBM1I97f45nd6wvHfWGNf51qQe0_BcIBoIqokXCPAp3HJG492xUb7wNuTc8aGTbpomtIT3cSnF6qZCrE08x4P43T_ymOS5VhbA8hD-2zaJOJY5WfvDOUTgBJ--6mo5HmmO5gxY2j-l3gvtA2NQIqgC30fXUczKI_7quij8RiBfgAfs4CF9QydxiyilaGRb_N73PzBNdzwEASAOa3zMUJ7PUK2okH8yVIFQYOCTygdgOwcqbHTltoFo4FDwtEY_lJQtJtG27fh4sWii0EifQW9RlKfBOJKltocdGBasw5WbTuhItYG47eH9uPfzMG66qpWwArxi7KgQ",
  "e" => "AQAB",
  "factors" => []
]);

return Load::jws($token)
  ->alg('RS256')
  ->key($jwk)
  ->run(); 

I stepped through the code and noticed that in Validate.php $this->algorithms is not being set. Here is the line of code:

jwt-framework/src/Easy/Validate.php

Line 41 in 0e9ae10

$verifier = new JWSVerifier(new AlgorithmManager($this->algorithms));

I'm not exactly sure at what point $this->algorithms should be getting set though?

UPDATE:
I decided to do a bit more digging, and found that in AbstractLoader.php in the alg() function, it passes in a string of RS256 and the switch statement only sets $this->allowedAlgorithms when it is a string:
https://github.com/web-token/jwt-framework/blob/v2.1/src/Easy/AbstractLoader.php#L205

Version: web-token/jwt-easy v2.1
https://github.com/web-token/jwt-easy

[neuquen]

I noticed that in the alg() function of AbstractLoader.php, if the value passed in was an instance of Algorithm then $this->algorithms would be set (see: https://github.com/web-token/jwt-framework/blob/v2.1/src/Easy/AbstractLoader.php#L208), so I decided to install the signature algorithm plugin mentioned on this page: composer require web-token/jwt-signature-algorithm-rsa

And after doing so, I then just passed in an instance of RS256():

use Jose\Component\Signature\Algorithm\RS256;
...
return Load::jws($token)
      ->alg(new RS256())
      ->key($jwk)
      ->run();

And everything seems to work now.

[Spomky]

decided to install the signature algorithm plugin mentioned on this page: composer require web-token/jwt-signature-algorithm-rsa

That was the problem. Indeed to use an algorithm, you must install the associated package.
This is mentioned in the doc (“Step 1”), but it looks like it is not clear enough.
This section will be updated as well as the error message.

With the RSA package installed, the line ->alg('RS256') should work as expected.

[neuquen]

@Spomky Ah, yep. You are correct. Passing in a string works now too. Thanks!

I glossed over step 1 without even noticing. Even just linking to the signature algorithms page would help clarify that step.

[Spomky]

Great!
The documentation has been updated accordingly.
I let this issue opened as a reminder for the error messages

[Spomky]

Closing as answered

[jayenashar]

any thoughts on changing the error message? maybe printing supported algorithms, or if there are none, asking the user to check if the appropriate package is installed?

[itzmeesuvm]

When trying to sign with HS256, It works perfectly fine :

jws.sign({'a': 'b'}, 'secret', algorithm='HS256')

But same when i try with RS256, It is failing:

signed = jws.sign({'a': 'b'}, 'secret', algorithm='RS256')
Traceback (most recent call last):
File "/usr/local/lib/python3.7/dist-packages/jose/backends/cryptography_backend.py", line 231, in init
self.prepared_key = load_pem_public_key(key, self.cryptography_backend())
File "/usr/local/lib/python3.7/dist-packages/cryptography/hazmat/primitives/serialization/base.py", line 23, in load_pem_public_key
return backend.load_pem_public_key(data)
File "/usr/local/lib/python3.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1273, in load_pem_public_key
self._handle_key_loading_error()
File "/usr/local/lib/python3.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1526, in _handle_key_loading_error
raise ValueError("Could not deserialize key data.")
ValueError: Could not deserialize key data.

Can anyone help

[Spomky]

Please make sure the web-token/jwt-signature-algorithm-rsapackage is installed

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.