[Q] validationConstraints is true?
mrmuminov opened this issue
'validationConstraints' => static fn (\bizley\jwt\Jwt $jwt) {
    $config = $jwt->getConfiguration();
    return [
        new \Lcobucci\JWT\Validation\Constraint\SignedWith($config->signer(), $config->signingKey()),
        new \Lcobucci\JWT\Validation\Constraint\LooseValidAt(
            new \Lcobucci\Clock\SystemClock(new \DateTimeZone(\Yii::$app->timeZone)),
            new \DateInterval('PT10S')
        ),
    ];
}
$config->signingKey()
Is it true?
If signingKey() is used in this case, the private key is accessed by the Lcobucci\JWT\Signer\OpenSSL::getPublicKey method.
private function getPublicKey(string $pem)
{
    $publicKey = openssl_pkey_get_public($pem);
    $this->validateKey($publicKey);
    return $publicKey;
}
In the getPublicKey method, the openssl_pkey_get_public method is given a private key. Shouldn't this method be given a public key?
So when I followed the docs (with the above $config->signingKey() on its own) I got the following error when validating the token:
{
"name":"Exception",
"message":"It was not possible to parse your key, reason:\n* error:0480006C:PEM routines::no start line\n* error:0480006C:PEM routines::no start line\n* error:0480006C:PEM routines::no start line\n* error:0480006C:PEM routines::no start line\n* error:0480006C:PEM routines::no start line\n* error:0480006C:PEM routines::no start line",
"code":0,
"type":"Lcobucci\\JWT\\Signer\\InvalidKeyProvided",
"file":"/var/www/vendor/lcobucci/jwt/src/Signer/InvalidKeyProvided.php",
"line":13,
"stack-trace":[
"#0 /var/www/vendor/lcobucci/jwt/src/Signer/OpenSSL.php(109): Lcobucci\\JWT\\Signer\\InvalidKeyProvided::cannotBeParsed()",
"#1 /var/www/vendor/lcobucci/jwt/src/Signer/OpenSSL.php(95): Lcobucci\\JWT\\Signer\\OpenSSL->validateKey()",
"#2 /var/www/vendor/lcobucci/jwt/src/Signer/OpenSSL.php(80): Lcobucci\\JWT\\Signer\\OpenSSL->getPublicKey()",
"#3 /var/www/vendor/lcobucci/jwt/src/Signer/Ecdsa.php(38): Lcobucci\\JWT\\Signer\\OpenSSL->verifySignature()",
"#4 /var/www/vendor/lcobucci/jwt/src/Validation/Constraint/SignedWith.php(32): Lcobucci\\JWT\\Signer\\Ecdsa->verify()",
"#5 /var/www/vendor/lcobucci/jwt/src/Validation/Validator.php(48): Lcobucci\\JWT\\Validation\\Constraint\\SignedWith->assert()",
"#6 /var/www/vendor/bizley/jwt/src/Jwt.php(313): Lcobucci\\JWT\\Validation\\Validator->validate()",
"#7 /var/www/vendor/bizley/jwt/src/JwtHttpBearerAuth.php(158): bizley\\jwt\\Jwt->validate()",
"#8 /var/www/vendor/bizley/jwt/src/JwtHttpBearerAuth.php(125): bizley\\jwt\\JwtHttpBearerAuth->processToken()",
"#9 /var/www/vendor/yiisoft/yii2/filters/auth/AuthMethod.php(59): bizley\\jwt\\JwtHttpBearerAuth->authenticate()",
"#10 /var/www/vendor/yiisoft/yii2/base/ActionFilter.php(77): yii\\filters\\auth\\AuthMethod->beforeAction()",
"#11 [internal function]: yii\\base\\ActionFilter->beforeFilter()",
"#12 /var/www/vendor/yiisoft/yii2/base/Component.php(633): call_user_func()",
"#13 /var/www/vendor/yiisoft/yii2/base/Controller.php(297): yii\\base\\Component->trigger()",
"#14 /var/www/vendor/yiisoft/yii2/web/Controller.php(218): yii\\base\\Controller->beforeAction()",
"#15 /var/www/vendor/yiisoft/yii2/base/Controller.php(176): yii\\web\\Controller->beforeAction()",
"#16 /var/www/vendor/yiisoft/yii2/base/Module.php(552): yii\\base\\Controller->runAction()",
"#17 /var/www/vendor/yiisoft/yii2/web/Application.php(103): yii\\base\\Module->runAction()",
"#18 /var/www/vendor/yiisoft/yii2/base/Application.php(384): yii\\web\\Application->handleRequest()",
"#19 /var/www/backend/web/index.php(18): yii\\base\\Application->run()",
"#20 {main}"
],
"success":false
}
I then (after a lot of searching :D) ,
from this
and the error went away
Sorry for my English :) (sorry from Google Translate xD)
First, I checked the OpenSSL library for these errors, as I initially thought there was a problem with the key.
Indeed you are right, my mistake :) Thank you for the report, I'll correct this in the example.
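The behaviour discussed in this issue, as an added stand-alone example (not code from the issue, the bizley/jwt docs or lcobucci/jwt itself): with an asymmetric signer, `SignedWith` has to receive `$config->verificationKey()` (the public key), while `$config->signingKey()` (the private key) is only used to issue tokens. It assumes lcobucci/jwt is installed through Composer and ext-openssl is enabled; the key pair and the issuer claim are constructed for the demonstration.

```php
<?php
// Added example: assumes `composer require lcobucci/jwt` and ext-openssl.
require __DIR__ . '/vendor/autoload.php';

use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter;
use Lcobucci\JWT\Signer\Ecdsa\Sha256;
use Lcobucci\JWT\Signer\InvalidKeyProvided;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Validation\Constraint\SignedWith;

// Throwaway P-256 key pair, generated only for this demonstration.
$pair = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_EC,
    'curve_name'       => 'prime256v1',
]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];

$config = Configuration::forAsymmetricSigner(
    new Sha256(new MultibyteStringConverter()),
    InMemory::plainText($privatePem), // signingKey(): private, issues tokens
    InMemory::plainText($publicPem)   // verificationKey(): public, validates them
);

// Issue a token with the private key, then parse it as a client request would be.
$jwt = $config->builder()
    ->issuedBy('https://issuer.example') // constructed sample claim
    ->getToken($config->signer(), $config->signingKey())
    ->toString();
$token = $config->parser()->parse($jwt);

// Correct constraint: the signature is checked against the public key.
$ok = $config->validator()->validate(
    $token,
    new SignedWith($config->signer(), $config->verificationKey())
);
echo 'verificationKey(): ', $ok ? 'valid' : 'invalid', PHP_EOL;

// Constraint as written in the example this issue reports: the private PEM
// reaches openssl_pkey_get_public(), which cannot parse it as a public key.
try {
    $ok = $config->validator()->validate(
        $token,
        new SignedWith($config->signer(), $config->signingKey())
    );
    echo 'signingKey(): ', $ok ? 'valid' : 'invalid', PHP_EOL;
} catch (InvalidKeyProvided $e) {
    echo 'signingKey(): ', get_class($e), PHP_EOL;
}
```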