verifyJWT error TypeError: Cannot read property 'alg' of undefined #613

Open
lukepayyapilli opened this issue Mar 11, 2024 · 6 comments

lukepayyapilli commented Mar 11, 2024

I tried following the docs:

    // simple validation for HS256
    isValid = KJUR.jws.JWS.verifyJWT("eyJhbG...", "616161", {alg: ["HS256"]}),

This is what I'm running:

    const isValid = KJUR.jws.JWS.verifyJWT(token, jwtSecret, {alg: ["HS256"]});

but this throws an error:

    TypeError: Cannot read property 'alg' of undefined

Please let me know what I'm missing. It seems like according to the docs this should work.

I'm using these versions:

    "typescript": "5.0.4",
    "jsrsasign": "11.1.0",
    "jsrsasign-util": "1.0.5"

Thanks!

Owner

kjur commented Mar 12, 2024

It doesn't seem your "token" value has an "alg" attribute with "HS256".
You can find an example at this site:
https://jwt.io/

Author

lukepayyapilli commented Mar 13, 2024

It does - I copied my token to the site and was able to properly verify it. I'm using the exact same token and getting this error when calling verifyJWT. I'm not sure if it's an issue with TypeScript since it's saying it is a type error.

Since this is local development (my secret I'm using is just super_secret), I'll provide an example of the log of values I'm passing to the function and the logic of my method:

My auth logic:

        logger.info(payload);
        const token = payload;
        const [encodedHeader, encodedPayload, encodedSignature] = token.split('.');
        try {
            const jwtSecret = ctx.env.JWT_VALUE;

            if (!jwtSecret) {
                logger.error("JWT secret not provided in environment variable");
                return JSON.stringify({ error: "JWT secret not provided" });
            }
            const decodedPayload = JSON.parse(KJUR.b64utoutf8(encodedPayload));
            logger.info("ENCODED HEADER: " + encodedHeader);
            logger.info("DECODED HEADER: " + KJUR.b64utoutf8(encodedHeader));
            logger.info("ENCODED SIGNATURE: " + encodedSignature);
            logger.info("DECODED PAYLOAD SUB: " + decodedPayload.sub);

            const currentTimestamp = Math.floor(Date.now() / 1000);

            if (decodedPayload.exp && decodedPayload.exp < currentTimestamp) {
                logger.error("JWT has expired");
                return JSON.stringify({ error: "JWT has expired" });
            }
            // TODO: Implement signature verification once this issue is resolved:
            // https://github.com/kjur/jsrsasign/issues/613
            const isValid = jsrsasign.KJUR.jws.JWS.verifyJWT(token, jwtSecret, {"alg": ["HS256"]});

            if (!isValid) {
                logger.error("JWT signature validation failed");
                return JSON.stringify({ error: "JWT signature validation failed" });
            }
        } catch (error) {
            logger.error(`JWT validation failed: ${error}`);
            return JSON.stringify({ error: `JWT validation failed: ${error}` });
        }
    } // closes the enclosing function, whose opening line is not shown

Logs:

{"level":"info","caller":"server/runtime_javascript_logger.go:74","msg":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJsdWtlQGx1a2UuY29tIiwicGVybWlzc2lvbnMiOiJ1c2VyIiwiZXhwIjoxNzEwMzQ0OTg4fQ.vrPkZ1Nh6_4qyRn7gQ3N7frpl-JS3XGhOc_gxQNc8zg"}
{"level":"info","caller":"server/runtime_javascript_logger.go:74","msg":"ENCODED HEADER: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"}
{"level":"info","caller":"server/runtime_javascript_logger.go:74","msg":"DECODED HEADER: {\"alg\":\"HS256\",\"typ\":\"JWT\"}"}
{"level":"info","caller":"server/runtime_javascript_logger.go:74","msg":"ENCODED SIGNATURE: vrPkZ1Nh6_4qyRn7gQ3N7frpl-JS3XGhOc_gxQNc8zg"}
{"level":"info","caller":"server/runtime_javascript_logger.go:74","msg":"DECODED PAYLOAD SUB: luke@luke.com"}
{"level":"error","caller":"server/runtime_javascript_logger.go:94","msg":"JWT validation failed: TypeError: Cannot read property 'alg' of undefined"}

@lukepayyapilli
Author

Any ideas, @kjur?

Owner

kjur commented Mar 21, 2024

@lukepayyapilli, I tried verifyJWT and it works fine for me. Could you provide the token and the secret which failed? I can investigate it further.

@lukepayyapilli
Author

@kjur it is included in the logs above:

secret: super_secret
token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJsdWtlQGx1a2UuY29tIiwicGVybWlzc2lvbnMiOiJ1c2VyIiwiZXhwIjoxNzEwMzQ0OTg4fQ.vrPkZ1Nh6_4qyRn7gQ3N7frpl-JS3XGhOc_gxQNc8zg

@lukepayyapilli
Author

Another interesting piece of information @kjur is that I'm using goja instead of Node for my runtime with TypeScript. I'm not sure if that matters in this case but unfortunately I have to use goja.
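
An added example, not part of the thread and not jsrsasign code: a stand-alone HS256 check built on Node's `crypto` module, usable to cross-check a token and secret outside the library. It applies the same HS256 allow-list and `exp` test as the auth logic posted above, but reads claims only after the signature verifies and reports an unusable header instead of dereferencing it. The function names, the Node runtime and the sample token and secret are assumptions constructed for the example.

```javascript
// Added example: stand-alone HS256 check using only Node's built-in crypto.
const crypto = require("crypto");

const decodeJson = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));
const isObject = (v) => v !== null && typeof v === "object";

// Constructed helper: mints a sample token so the example runs offline.
function signHS256(payload, secret) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const input = enc({ alg: "HS256", typ: "JWT" }) + "." + enc(payload);
  return input + "." + crypto.createHmac("sha256", secret).update(input).digest("base64url");
}

// Returns { ok, reason, payload }; malformed input is reported, never thrown.
function verifyHS256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const fail = (reason) => ({ ok: false, reason, payload: null });
  if (typeof token !== "string") return fail("token is not a string");
  const parts = token.split(".");
  if (parts.length !== 3) return fail("expected 3 segments");

  let header;
  try { header = decodeJson(parts[0]); } catch { return fail("header is not JSON"); }
  // A header that did not decode to an object is rejected, not dereferenced.
  if (!isObject(header)) return fail("header is not an object");
  // Allow-list: accept HS256 only, whatever the token itself asks for.
  if (header.alg !== "HS256") return fail("alg not allowed");

  const expected = crypto.createHmac("sha256", secret)
    .update(parts[0] + "." + parts[1]).digest();
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return fail("bad signature");
  }

  // Claims are read only after the signature has verified.
  let payload;
  try { payload = decodeJson(parts[1]); } catch { return fail("payload is not JSON"); }
  if (!isObject(payload)) return fail("payload is not an object");
  if (typeof payload.exp === "number" && payload.exp < nowSec) return fail("expired");
  return { ok: true, reason: null, payload };
}

// Constructed sample values (not the token or secret from the thread).
const sample = signHS256({ sub: "user@example.test", exp: 2000000000 }, "constructed-secret");
console.log(verifyHS256(sample, "constructed-secret", 1900000000));
```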
