auth0-samples / auth0-rubyonrails-sample

Auth0 Integration Samples for Ruby on Rails Web Applications

Home Page: https://auth0.com/docs/quickstart/webapp/rails

Authentication failure! Signature verification failed: JWT::VerificationError, Signature verification failed

kenan-memis opened this issue

Hello,

After following this tutorial, I am getting a verification error at the step where the callback URL is requested. I already opened an issue under the omniauth-auth0 gem, but in case you may have an idea what's going on?

Simply, what I am doing is: I have an initializer file for Auth0 config, and I have a link with href '/auth/auth0'. That's it. When I click the button, it makes a POST request which has a 302 response. Then it makes the '/authorize' call and again a response with 302. Finally, when it makes the '/callback' request, I am getting a verification error, where the log trace is:

jwt (2.7.0) lib/jwt/decode.rb:49:in `verify_signature'
jwt (2.7.0) lib/jwt/decode.rb:30:in `decode_segments'
jwt (2.7.0) lib/jwt.rb:29:in `decode'
omniauth-auth0 (3.1.0) lib/omniauth/auth0/jwt_validator.rb:52:in `decode'
omniauth-auth0 (3.1.0) lib/omniauth/strategies/auth0.rb:140:in `raw_info'
omniauth-auth0 (3.1.0) lib/omniauth/strategies/auth0.rb:69:in `block in <class:Auth0>'
omniauth (2.1.1) lib/omniauth/strategy.rb:109:in `instance_eval'
omniauth (2.1.1) lib/omniauth/strategy.rb:109:in `block in compile_stack'
omniauth (2.1.1) lib/omniauth/strategy.rb:108:in `each'
omniauth (2.1.1) lib/omniauth/strategy.rb:108:in `inject'
omniauth (2.1.1) lib/omniauth/strategy.rb:108:in `compile_stack'
omniauth (2.1.1) lib/omniauth/strategy.rb:102:in `extra_stack'
omniauth (2.1.1) lib/omniauth/strategy.rb:387:in `extra'
omniauth (2.1.1) lib/omniauth/strategy.rb:392:in `auth_hash'
omniauth (2.1.1) lib/omniauth/strategy.rb:417:in `callback_phase'
omniauth-oauth2 (1.8.0) lib/omniauth/strategies/oauth2.rb:93:in `callback_phase'
omniauth-auth0 (3.1.0) lib/omniauth/strategies/auth0.rb:125:in `callback_phase'
omniauth (2.1.1) lib/omniauth/strategy.rb:272:in `callback_call'
omniauth (2.1.1) lib/omniauth/strategy.rb:194:in `call!'
omniauth (2.1.1) lib/omniauth/strategy.rb:169:in `call'
omniauth (2.1.1) lib/omniauth/builder.rb:44:in `call'
rack (2.2.6.4) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.2.6.4) lib/rack/etag.rb:27:in `call'
rack (2.2.6.4) lib/rack/conditional_get.rb:27:in `call'
rack (2.2.6.4) lib/rack/head.rb:12:in `call'
actionpack (6.1.7.3) lib/action_dispatch/http/permissions_policy.rb:22:in `call'
actionpack (6.1.7.3) lib/action_dispatch/http/content_security_policy.rb:19:in `call'
rack (2.2.6.4) lib/rack/session/abstract/id.rb:266:in `context'
rack (2.2.6.4) lib/rack/session/abstract/id.rb:260:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/cookies.rb:697:in `call'
activerecord (6.1.7.3) lib/active_record/migration.rb:601:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (6.1.7.3) lib/active_support/callbacks.rb:98:in `run_callbacks'
actionpack (6.1.7.3) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call'
web-console (4.2.0) lib/web_console/middleware.rb:132:in `call_app'
web-console (4.2.0) lib/web_console/middleware.rb:28:in `block in call'
web-console (4.2.0) lib/web_console/middleware.rb:17:in `catch'
web-console (4.2.0) lib/web_console/middleware.rb:17:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
railties (6.1.7.3) lib/rails/rack/logger.rb:37:in `call_app'
railties (6.1.7.3) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (6.1.7.3) lib/active_support/tagged_logging.rb:99:in `block in tagged'
activesupport (6.1.7.3) lib/active_support/tagged_logging.rb:37:in `tagged'
activesupport (6.1.7.3) lib/active_support/tagged_logging.rb:99:in `tagged'
railties (6.1.7.3) lib/rails/rack/logger.rb:26:in `call'
sprockets-rails (3.4.2) lib/sprockets/rails/quiet_assets.rb:13:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/request_id.rb:26:in `call'
rack (2.2.6.4) lib/rack/method_override.rb:24:in `call'
rack (2.2.6.4) lib/rack/runtime.rb:22:in `call'
activesupport (6.1.7.3) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/static.rb:24:in `call'
rack (2.2.6.4) lib/rack/sendfile.rb:110:in `call'
actionpack (6.1.7.3) lib/action_dispatch/middleware/host_authorization.rb:148:in `call'
rack-mini-profiler (2.3.4) lib/mini_profiler/profiler.rb:393:in `call'
webpacker (5.4.4) lib/webpacker/dev_server_proxy.rb:25:in `perform_request'
rack-proxy (0.7.6) lib/rack/proxy.rb:87:in `call'
railties (6.1.7.3) lib/rails/engine.rb:539:in `call'
puma (5.6.5) lib/puma/configuration.rb:252:in `call'
puma (5.6.5) lib/puma/request.rb:77:in `block in handle_request'
puma (5.6.5) lib/puma/thread_pool.rb:340:in `with_force_shutdown'
puma (5.6.5) lib/puma/request.rb:76:in `handle_request'
puma (5.6.5) lib/puma/server.rb:443:in `process_client'
puma (5.6.5) lib/puma/thread_pool.rb:147:in `block in spawn_thread'

Until this point, I haven't sent any user credentials (email/password) to sign in. I wonder which token signature is unverified?
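
The trace above fails inside JWT signature verification during the callback phase. The following added example is not from the issue, the sample app or omniauth-auth0; using only Ruby's standard library, it shows how an algorithm mismatch, a wrong HMAC secret, and an unknown or wrong RSA key each make signature verification fail. The `diagnose` helper, tokens, secrets, key ids and claims are all constructed for illustration.

```ruby
require "openssl"
require "json"

# JWT segments are unpadded base64url.
def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  str.tr("-_", "+/").unpack1("m")
end

# Build a compact JWS for the demo (constructed tokens, not real Auth0 output).
def sign_jwt(claims, alg, key, kid: nil)
  header = { "alg" => alg, "typ" => "JWT", "kid" => kid }.compact
  input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join(".")
  digest = OpenSSL::Digest.new("SHA256")
  sig = alg == "HS256" ? OpenSSL::HMAC.digest(digest, key, input) : key.sign(digest, input)
  "#{input}.#{b64url(sig)}"
end

# Explain a verification outcome given what the verifier is configured to expect.
# The header's alg is only compared with expected_alg, never used to pick the algorithm.
def diagnose(token, expected_alg:, hmac_secret: nil, jwks: {})
  header_b64, payload_b64, sig_b64 = token.split(".")
  header = JSON.parse(b64url_decode(header_b64))
  return :alg_mismatch unless header["alg"] == expected_alg

  input = "#{header_b64}.#{payload_b64}"
  sig = b64url_decode(sig_b64)
  digest = OpenSSL::Digest.new("SHA256")
  if expected_alg == "HS256"
    expected = OpenSSL::HMAC.digest(digest, hmac_secret, input)
    return OpenSSL.secure_compare(expected, sig) ? :ok : :wrong_secret
  end
  key = jwks[header["kid"]]
  return :unknown_kid unless key
  key.verify(digest, sig, input) ? :ok : :wrong_key
end

# Constructed sample data: two RSA key pairs and one shared secret.
CLAIMS = { "iss" => "https://tenant.example/", "aud" => "client-id-placeholder", "sub" => "user|1" }
RSA_A = OpenSSL::PKey::RSA.new(2048)
RSA_B = OpenSSL::PKey::RSA.new(2048)
RS_TOKEN = sign_jwt(CLAIMS, "RS256", RSA_A, kid: "key-a")
HS_TOKEN = sign_jwt(CLAIMS, "HS256", "secret-configured-at-issuer")

puts diagnose(RS_TOKEN, expected_alg: "RS256", jwks: { "key-a" => RSA_A.public_key })
puts diagnose(RS_TOKEN, expected_alg: "HS256", hmac_secret: "secret-in-initializer")
puts diagnose(HS_TOKEN, expected_alg: "HS256", hmac_secret: "secret-in-initializer")
```
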