You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Multi Sig payload is generated via payload.to_json in JWT::Multisig#generate_jwt however the JWT gem has JWT::Encode#encoded_payload which uses JSON.generate(@payload)
The result is a slightly different datetime string but therefore a different payload and therefore an error when attempting to verify the signature from the multisig jwt.
This can be illustrated in a rails console via ..
>> now = Time.now.utc
2018-09-04 06:42:42 UTC
>> {time: now}.to_json
"{\"time\":\"2018-09-04T06:42:42.337Z\"}"
>> JSON.generate({time: now})
"{\"time\":\"2018-09-04 06:42:42 UTC\"}"
.. noting the difference in the timestamps.
What is the solution?
Either change jwt-multisig gem to use JSON.generate or have the author of the https://github.com/jwt/ruby-jwt/blob/master/lib/jwt/encode.rb change code to use .to_json
The text was updated successfully, but these errors were encountered:
Multi Sig payload is generated via
payload.to_json
inJWT::Multisig#generate_jwt
however the JWT gem hasJWT::Encode#encoded_payload
which usesJSON.generate(@payload)
The result is a slightly different datetime string but therefore a different payload and therefore an error when attempting to verify the signature from the multisig jwt.
This can be illustrated in a rails console via ..
.. noting the difference in the timestamps.
What is the solution?
Either change
jwt-multisig
gem to useJSON.generate
or have the author of thehttps://github.com/jwt/ruby-jwt/blob/master/lib/jwt/encode.rb
change code to use.to_json
The text was updated successfully, but these errors were encountered: