Getting Invalid Signature while validating Facebook Limited Login's JWT
Jay21022001 opened this issue
Checklist before submitting a bug report
- I've updated to the latest released version of the SDK
- I've searched for existing GitHub issues
- I've looked for existing answers on Stack Overflow, the Facebook Developer Community Forum and the Facebook Developers Group
- I've read the Code of Conduct
- This issue is not security related and can safely be disclosed publicly on GitHub
Xcode version
1.1.1
Facebook iOS SDK version
17.0.1
Dependency Manager
Other / I don't know
SDK Framework
Login
Goals
While verifying the Facebook Limited Login JWT, the signature should be verified, but it throws an "invalid signature" error.
Expected results
The signature should be verified successfully.
Actual results
It throws an "invalid signature" error:
Error: invalid signature
Steps to reproduce
- Pass your nonce and get the JWT from Facebook
- Call Facebook's JWKS and get your public key
- Verify the signature => it throws an "invalid signature" error
Code samples & details
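```js
const jwt = require('jsonwebtoken');
const jwksClient = require('jwks-rsa');
// FACEBOOK_JWKS_URL and API_TIMEOUT are constants defined elsewhere (not shown in this issue).
// The class and method names wrapping the first fragment are placeholders.
class FacebookTokenVerifier {
  static async verifyToken(token) {
    // Decode without verifying, only to read the header fields.
    const decoded = jwt.decode(token, { complete: true });
    const { kid, alg } = decoded.header;
    // Fetch the signing key whose key ID matches the token's kid.
    const key = await this.getPublicKey(kid);
    const signingKey = key.getPublicKey();
    console.log(signingKey);
    // Note: alg is read from the token's own, not yet verified, header.
    return jwt.verify(token, signingKey, {
      algorithms: [alg],
    });
  }

  static async getPublicKey(kid) {
    const client = jwksClient({
      jwksUri: FACEBOOK_JWKS_URL,
      timeout: API_TIMEOUT,
    });
    return client.getSigningKey(kid);
  }
}
```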
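The verification steps listed in this issue, written with Node's built-in `crypto` module as an added example (not the reporter's code and not part of the Facebook SDK). The key pair, `SAMPLE_JWKS`, `signSample` and `verifyIdToken` are constructed for illustration, and the expected algorithm is assumed to be RS256 and pinned rather than read from the token header.

```javascript
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// Constructed sample data: a locally generated RSA key published as a one-entry JWKS.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SAMPLE_JWKS = {
  keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'sample-kid-1', alg: 'RS256', use: 'sig' }],
};

// Helper that issues an RS256 token for the constructed key set (stands in for the issuer).
function signSample(payload, kid, key = privateKey) {
  const header = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }));
  const input = `${header}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), key);
  return `${input}.${sig.toString('base64url')}`;
}

// Verify signature and nonce; returns the claims or throws a descriptive error.
function verifyIdToken(token, jwks, expectedNonce) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm instead of trusting the unverified header.
  if (header.alg !== 'RS256') throw new Error('unexpected algorithm');
  // Select the key by kid; a missing kid is a distinct failure from a bad signature.
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  // The signature covers the exact received bytes "header.payload".
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('RSA-SHA256', signed, key, Buffer.from(s, 'base64url'))) {
    throw new Error('invalid signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  // The nonce sent with the login request must come back unchanged.
  if (claims.nonce !== expectedNonce) throw new Error('nonce mismatch');
  return claims;
}
```

Separating the "unknown kid" and "invalid signature" failures shows whether a token's key is absent from the fetched key set or present but not the key that signed the token.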