Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Payload Mismatch when payload includes a datetime #1

Open
sramsden opened this issue Sep 4, 2018 · 1 comment
Open

Payload Mismatch when payload includes a datetime #1

sramsden opened this issue Sep 4, 2018 · 1 comment

Comments

@sramsden
Copy link

sramsden commented Sep 4, 2018

Multi Sig payload is generated via payload.to_json in JWT::Multisig#generate_jwt however the JWT gem has JWT::Encode#encoded_payload which uses JSON.generate(@payload)

The result is a slightly different datetime string but therefore a different payload and therefore an error when attempting to verify the signature from the multisig jwt.

This can be illustrated in a rails console via ..

>> now = Time.now.utc
2018-09-04 06:42:42 UTC
>> {time: now}.to_json
"{\"time\":\"2018-09-04T06:42:42.337Z\"}"
>> JSON.generate({time: now})
"{\"time\":\"2018-09-04 06:42:42 UTC\"}"

.. noting the difference in the timestamps.

What is the solution?
Either change jwt-multisig gem to use JSON.generate or have the author of the https://github.com/jwt/ruby-jwt/blob/master/lib/jwt/encode.rb change code to use .to_json
@webdev778
Copy link

very similar issue, I'm facing, it get failed when including special character '&' in payload.

ManagementAPI check_jwt error: #<JWT::VerificationError: Signature verification raised>"

@jengjeng jengjeng mentioned this issue Dec 15, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sramsden @webdev778