Getting Invalid Signature while validaing Facebook Limited Login's JWT

Question

Getting Invalid Signature while validaing Facebook Limited Login's JWT

Jay21022001 opened this issue 2 months ago · comments

Jay21022001 commented 2 months ago

Checklist before submitting a bug report

I've updated to the latest released version of the SDK
I've searched for existing GitHub issues
I've looked for existing answers on Stack Overflow, the Facebook Developer Community Forum and the Facebook Developers Group
I've read the Code of Conduct
This issue is not security related and can safely be disclosed publicly on GitHub

Xcode version

1.1.1

Facebook iOS SDK version

17.0.1

Dependency Manager

Other / I don't know

SDK Framework

Login

Goals

While Verifying Facebook Limited Login JWT, The Signature should be verified, But It throws "invalid signature" Error

Expected results

The Signature should be verified successfully

Actual results

It throws an "Invalid Signature" Error

Error: invalid signature

Steps to reproduce

Pass your nonce and get the JWT from the Facebook
Call the Facebook's JWKS and get your Public key
Verify the signature => It throws an Invalid Signature

Code samples & details

const decoded = jwt.decode(token, { complete: true });
const { kid, alg } = decoded.header;
const key = await this.getPublicKey(kid);
const signingKey = key.getPublicKey();
console.log(signingKey)
return jwt.verify(token, signingKey, {
    algorithms: [alg],
});

static async getPublicKey(kid) {
    const client = jwksClient({
    jwksUri: FACEBOOK_JWKS_URL,
    timeout: API_TIMEOUT
    });
    return client.getSigningKey(kid);
}