Unable to sign ES256 JWT
jstarschuyler opened this issue
I've been attempting to use this library in one of our projects for the past day but I am unable to sign the JWT with the ES256 algorithm. We are using OpenSSL 1.0.2 and it is correctly linked into our project.
We've followed your examples and test code:
```cpp
// kid and iss are strings defined by the 3rd party API
jwt::jwt_object obj{
    algorithm("ES256"),
    headers({
        {"kid", kid},
    }),
    payload({
        {"iss", iss}
    }),
    secret(privateKey)
};
// iat and exp are calculated elsewhere, in milliseconds
obj.add_claim("iat", iat)
   .add_claim("exp", exp);
const string sig = obj.signature();
```
I've managed to trace the issue to line 207 in `algorithm.ipp`:
```cpp
EVP_PKEY* pkey = PEM_read_bio_PrivateKey(
    bio_ptr.get(), nullptr, nullptr, nullptr);
```
`pkey` is getting set to `NULL`, which eventually causes an error to be thrown.
Our secret/private key is in the PEM format. From various sources online, I tried to add new lines to our PEM string, to simulate being read from a file, but that did not help.
Any help you can provide would be very appreciated. Thanks!
Hello @jstarschuyler
Would it be possible for you to share the public and the private key that you are using? Otherwise, the commands you used to generate them.
Thanks.
I cannot disclose those.
Ok. Are the tests passing?
I haven't integrated them into our test build yet but let me try that now. We also use the Google Test Framework so I don't imagine it will take long.
I was unable to get the tests running with our system. However, I found this article which solved my problem: https://forums.developer.apple.com/thread/82950
Apparently Apple will provide a .p8 file that looks like it's in the PEM format. OpenSSL requires the private key to be broken up into 64-character chunks per line.
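The fix reported in the last comment, as an added example that is not code from this thread or from the library: a hypothetical helper, `normalize_pem`, that re-wraps the base64 body of a PEM string into 64-character lines so the result can be passed as the key string. It assumes an unencrypted key with no extra header lines inside the PEM block.

```cpp
#include <cctype>
#include <cstddef>
#include <stdexcept>
#include <string>

// Added example (hypothetical helper, not part of the library discussed above).
// Assumes an unencrypted PEM block: only base64 text between BEGIN and END.
std::string normalize_pem(const std::string& pem) {
    const std::string begin_tag = "-----BEGIN ";
    const std::string end_tag = "-----END ";
    const std::string dashes = "-----";

    // Locate "-----BEGIN <label>-----" and extract the label.
    const auto b = pem.find(begin_tag);
    if (b == std::string::npos) throw std::invalid_argument("no BEGIN line");
    const auto label_start = b + begin_tag.size();
    const auto label_end = pem.find(dashes, label_start);
    if (label_end == std::string::npos) throw std::invalid_argument("unterminated BEGIN line");
    const std::string label = pem.substr(label_start, label_end - label_start);

    // Locate the matching "-----END <label>-----".
    const std::string footer = end_tag + label + dashes;
    const auto body_start = label_end + dashes.size();
    const auto f = pem.find(footer, body_start);
    if (f == std::string::npos) throw std::invalid_argument("no matching END line");

    // Keep only base64 characters from the body; drop spaces, tabs, CR and LF.
    std::string b64;
    for (std::size_t i = body_start; i < f; ++i) {
        const unsigned char c = static_cast<unsigned char>(pem[i]);
        if (std::isspace(c)) continue;
        if (!std::isalnum(c) && c != '+' && c != '/' && c != '=')
            throw std::invalid_argument("non-base64 character in PEM body");
        b64.push_back(static_cast<char>(c));
    }
    if (b64.empty() || b64.size() % 4 != 0) throw std::invalid_argument("bad base64 length");

    // Re-emit the block with 64 base64 characters per line.
    std::string out = begin_tag + label + dashes + "\n";
    for (std::size_t i = 0; i < b64.size(); i += 64)
        out += b64.substr(i, 64) + "\n";
    out += footer + "\n";
    return out;
}
```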