Bertrand Kintanar
@bkintanar
@lcobucci thank you! I figured it out. :D thanks for this awesome package.
Luís Cobucci
@lcobucci
@bkintanar brilliant! Thanks ❤️
Christian Freear
@cfreear
Is there a recommended way to handle the kid claim in v4?
It used to be we could parse a token to retrieve the kid header to know which key to load, but in order to parse a token in v4 it looks like you have to load a key first. Is this correct?
Christian Freear
@cfreear

Oh actually I've just done this:

$parser = new \Lcobucci\JWT\Token\Parser(new \Lcobucci\JWT\Encoding\JoseEncoder());
$token = $parser->parse($authToken);

and it seems to work, I can extract the kid with:

$kid = $token->headers()->get('kid');

and build a config object "correctly" from there, does this look ok?

Luís Cobucci
@lcobucci
It does, bear in mind that the config object is not a must have. It's a service locator to make things simpler but can be bypassed.
We'll be working on jwk stuff soon, then the support for kid and key sets should also be improved
Christian Freear
@cfreear
Ok thanks for that, great work on the library by the way :)
Luís Cobucci
@lcobucci
@cfreear thanks, really appreciate it ❤️
Yassine Rais
@yassinrais
@lcobucci I think there is a problem with the expire time provider: when it is exported to JSON it converts the expire time to a string, and when another JWT parser tries to parse it, it gives an error that the expire time is an invalid format, "string"
Yassine Rais
@yassinrais

example

generated by the method ->toString()

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vMTI3LjAuMC4xOjgwMDAiLCJhdWQiOiJodHRwOi8vMTI3LjAuMC4xOjgwMDAiLCJpYXQiOiIxNjE1NzUwODQzLjk2Mzg4MCIsImp0aSI6ImYyMjYwYjZjNTM5MTk5YjFmZGM1YmFjODFlNWIxNDNhIiwiZXhwIjoiMTYxNzA0MzI0My45NjM4ODAiLCJ1aWQiOiI1MDA5OTFjMS1lMWNhLTQ5ODUtYjBiMy1mNWNiYmRhNmU5MGIifQ._FgRzQFb4wtXk7zDoQofZH30KyhYx2jKOtyWh-cQtjw

decoded by official JWT website

{
  "iss": "http://127.0.0.1:8000",
  "aud": "http://127.0.0.1:8000",
  "iat": "1615750843.963880",
  "jti": "f2260b6c539199b1fdc5bac81e5b143a",
  "exp": "1617043243.963880",
  "uid": "500991c1-e1ca-4985-b0b3-f5cbbda6e90b"
}

we should expect

{
  "iss": "http://127.0.0.1:8000",
  "aud": "http://127.0.0.1:8000",
  "iat": 1615750843.963880,
  "jti": "f2260b6c539199b1fdc5bac81e5b143a",
  "exp": 1617043243.963880,
  "uid": "500991c1-e1ca-4985-b0b3-f5cbbda6e90b"
}

instead of the previous one

Yassine Rais
@yassinrais
I will open an issue about this problem
Yassine Rais
@yassinrais
I just saw that PHP <8 is converting floats to 4 digits after the . and that's too sad :(
Yassine Rais
@yassinrais
🤔 @lcobucci check this please https://3v4l.org/H0EN3
Yassine Rais
@yassinrais
I'm sure that it's just the printer methods that make it 4 digits max; the float is still the same, so using float will not be an issue anymore :)
Luís Cobucci
@lcobucci
I see... we need to be absolutely sure that no rounding issues will happen
If we can get into tests and running on CI then I'm good acknowledging my mistake here and accepting the fix
Would you like to give it a go?
You can use v4.0.x as reference, @yassinrais
Yassine Rais
@yassinrais

Let me do more tests & research about this one.

I agree with this quote: "never trust floats",
but in our case we have only 6 digits after the .
so it is not going to round the number,

but at the moment we have more than 6 digits! Here the problem of rounding is beginning
to see an example check this link https://3v4l.org/XKHV4

i m waiting for your reply 😁

Luís Cobucci
@lcobucci
We're dealing with microseconds precision, so it should not go beyond 6 digits. We must make sure that creating the DateTimeImmutable object will always have the value we had before the encoding
That's the main thing we need to test
Yassine Rais
@yassinrais
I'm not sure how to make good tests about DateTimeImmutable, so I will let someone do it 😅
Luís Cobucci
@lcobucci
@yassinrais this is the kind of tests I'm referring to:
Unless I'm doing something wrong there, my belief regarding rounding behaviour is confirmed
Yassine Rais
@yassinrais
Very interesting test !
but instead of using (string) try to use json_encode()
https://3v4l.org/EpaDX
(+ https://3v4l.org/enKbj)
More info : https://www.php.net/manual/en/ini.core.php#ini.serialize-precision
😁👌
Yassine Rais
@yassinrais

advanced example with json encoding array and decoding
https://3v4l.org/cAFijB

i will try to use the branch 4.0.x to create more clear tests

Yassine Rais
@yassinrais
I opened a pull request with my solution, can you check it please and try to tell me if this is a possible future solution or not :) lcobucci/jwt#706 depending on what you believe as the author of this library 😁👌
Luís Cobucci
@lcobucci
Will check it ASAP, thanks for taking the time!
Yassine Rais
@yassinrais

Will check it ASAP, thanks for taking the time!

No worries 🤗

Filimoni Naisua
@BillKG
Lcobucci\JWT\Token\InvalidTokenStructure: Value is not in the allowed date format: 1616215524.98320102691650390625 in file /vendor/lcobucci/jwt/src/Token/InvalidTokenStructure.php on line 23
Been stuck on this issue for a while now. Has anyone come across this before and can help?
Filimoni Naisua
@BillKG
nvm solved by updating Lcobucci\JWT version to 4.0
Yassine Rais
@yassinrais
@lcobucci I don't think it will be from the (float) $date->format('U.u'); 🤔
Yassine Rais
@yassinrais
@BillKG can you tell us how you generated those tokens, if you don't mind? 😁
theLine
@theLine

Hi, I want to use asymmetric signing and created a new RSA key pair for that, but I'm getting the following error:

Lcobucci\JWT\Signer\InvalidKeyProvided: It was not possible to parse your key, reason: error:0909006C:PEM routines:get_name:no start line in lcobucci/jwt/src/Signer/InvalidKeyProvided.php on line 13

Here's my configuration:

$config = Configuration::forAsymmetricSigner(
    new \Lcobucci\JWT\Signer\Rsa\Sha512(),
    LocalFileReference::file('/path/to/key.id_rsa'),
    LocalFileReference::file('/path/to/key.id_rsa.pem'),
);

I've created the SSH key and PEM file with the following commands:

ssh-keygen -t RSA -b 4096 # no passphrase
ssh-keygen -f key.id_rsa -e -m pem > key.id_rsa.pem

Sorry if that's a dumb question, but I'm not that familiar with cryptography :see_no_evil:
Thanks in advance!

Luís Cobucci
@lcobucci
@theLine there are no dumb questions 🙂
I've never used SSH keys for openssl operations.
What you should look into is generating a key pair with openssl
Luís Cobucci
@lcobucci
openssl genpkey -algorithm RSA -aes256 -out private.pem
openssl rsa -in private.pem -pubout -outform PEM -out public.pem
These should help you
Merck Ogoy
@m3rck_gitlab
Hi, I'm getting this error when I try to login via API on my php/laravel endpoint:
It was not possible to parse your key, reason: in file /home/vagrant/code/btp/new_api/vendor/lcobucci/jwt/src/Signer/OpenSSL.php on line 90
any idea?
Luís Cobucci
@lcobucci
@m3rck_gitlab it looks like your keys are not configured. I can't tell you much more than that, I don't use Laravel
Merck Ogoy
@m3rck_gitlab
@lcobucci thanks for responding, what keys are those? thanks!
johnrhunt
@johnrhunt
has anyone ever had a problem with nested claims and this package?