PEM encoded public keys
jonahcwest opened this issue · comments
Using a PEM encoded public key like the following:
-----BEGIN CERTIFICATE-----
abc123...
-----END CERTIFICATE-----
And decoding it with the following:
try {
auto decoded = jwt::decode(token, algorithms({"rs256"}), secret(cert));
} catch (jwt::InvalidSignatureError &e) {
std::cout << e.what();
}
where cert
is the certificate above, a jwt::InvalidSignatureError
is thrown with the message verification failed
. Using the same certificate on jwt.io with a valid token works. Does the certificate need to be processed by something else before it can be used to decode a token? If so, should documentation be added for this? I'm using the Google Sign-In API and most of the other libraries I've used work fine.
@jonahcwest
Would it be possible to share the certificate that you are testing with privately ? If you can please do send it out on arun11299@gmail.com.
Also provide the OS, openssl version that you are using.
The certificate is the Google OAuth certificate from googleapis.com/oauth2/v1/certs. The result of openssl version
is OpenSSL 1.1.1c 28 May 2019
. I'm using the debian:buster
Docker image.
I'm pretty sure I was using the correct key and all, but I'm going to give it another shot.