Yassine Rais
@yassinrais
@lcobucci I think there is a problem with the expire time provider: when it is exported to JSON it converts the expire time to a string, and when another JWT parser tries to parse it, it gives an error that the expire time is in an invalid format ("string").
Yassine Rais
@yassinrais
example

generated by the method ->toString()

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vMTI3LjAuMC4xOjgwMDAiLCJhdWQiOiJodHRwOi8vMTI3LjAuMC4xOjgwMDAiLCJpYXQiOiIxNjE1NzUwODQzLjk2Mzg4MCIsImp0aSI6ImYyMjYwYjZjNTM5MTk5YjFmZGM1YmFjODFlNWIxNDNhIiwiZXhwIjoiMTYxNzA0MzI0My45NjM4ODAiLCJ1aWQiOiI1MDA5OTFjMS1lMWNhLTQ5ODUtYjBiMy1mNWNiYmRhNmU5MGIifQ._FgRzQFb4wtXk7zDoQofZH30KyhYx2jKOtyWh-cQtjw

[IMAGE] decoded by the official JWT website

{
  "iss": "http://127.0.0.1:8000",
  "aud": "http://127.0.0.1:8000",
  "iat": "1615750843.963880",
  "jti": "f2260b6c539199b1fdc5bac81e5b143a",
  "exp": "1617043243.963880",
  "uid": "500991c1-e1ca-4985-b0b3-f5cbbda6e90b"
}

we should expect

{
  "iss": "http://127.0.0.1:8000",
  "aud": "http://127.0.0.1:8000",
  "iat": 1615750843.963880,
  "jti": "f2260b6c539199b1fdc5bac81e5b143a",
  "exp": 1617043243.963880,
  "uid": "500991c1-e1ca-4985-b0b3-f5cbbda6e90b"
}

instead of the previous one

Yassine Rais
@yassinrais
I will open an issue about this problem
Yassine Rais
@yassinrais
I just saw that PHP <8 converts a float to 4 digits after the decimal point, and that is too sad :(
Yassine Rais
@yassinrais
🤔 @lcobucci check this please https://3v4l.org/H0EN3
Yassine Rais
@yassinrais
I'm sure it's just the printer methods that make it 4 digits max; the float stays the same, so using a float will not be an issue anymore :)
Luís Cobucci
@lcobucci
I see... we need to be absolutely sure that no rounding issues will happen.
If we can get it into tests and running on CI, then I'm good acknowledging my mistake here and accepting the fix.
Would you like to give it a go?
You can use v4.0.x as reference, @yassinrais
Yassine Rais
@yassinrais

Let me do more tests & research about this one.

I agree with this quote: "never trust floats",
but in our case we have only 6 digits after the decimal point,
so it is not going to round the number.

But the moment we have more than 6 digits, the rounding problem begins.
To see an example, check this link: https://3v4l.org/XKHV4

I'm waiting for your reply 😁

Luís Cobucci
@lcobucci
We're dealing with microseconds precision, so it should not go beyond 6 digits. We must make sure that creating the DateTimeImmutable object will always have the value we had before the encoding
That's the main thing we need to test
Yassine Rais
@yassinrais
I'm not sure how to make good tests about DateTimeImmutable, so I will let someone else do it 😅
Luís Cobucci
@lcobucci
@yassinrais these are the kind of tests I'm referring to:
Unless I'm doing something wrong there, my belief regarding rounding behaviour is confirmed
Yassine Rais
@yassinrais
Very interesting test!
But instead of using (string), try to use json_encode():
https://3v4l.org/EpaDX
(+ https://3v4l.org/enKbj)
More info : https://www.php.net/manual/en/ini.core.php#ini.serialize-precision
😁👌
Yassine Rais
@yassinrais

Advanced example with JSON-encoding an array and decoding it:
https://3v4l.org/cAFijB

I will try to use the 4.0.x branch to create clearer tests.

Yassine Rais
@yassinrais
I opened a pull request with my solution; can you check it please and tell me whether this is a possible future solution or not :) lcobucci/jwt#706, depending on what you believe as the author of this library 😁👌
Luís Cobucci
@lcobucci
Will check it ASAP, thanks for taking the time!
Yassine Rais
@yassinrais

Will check it ASAP, thanks for taking the time!

No worries 🤗

Filimoni Naisua
@BillKG
Lcobucci\JWT\Token\InvalidTokenStructure: Value is not in the allowed date format: 1616215524.98320102691650390625 in file /vendor/lcobucci/jwt/src/Token/InvalidTokenStructure.php on line 23
I've been stuck on this issue for a while now; has anyone come across this before and can help?
Filimoni Naisua
@BillKG
Never mind, solved by updating the Lcobucci\JWT version to 4.0
Yassine Rais
@yassinrais
@lcobucci I don't think it will come from (float) $date->format('U.u'); 🤔
Yassine Rais
@yassinrais
@BillKG can you tell us how you generated those tokens, if you don't mind? 😁
theLine
@theLine

Hi, I want to use asymmetric signing and created a new RSA key pair for that, but I'm getting the following error:

Lcobucci\JWT\Signer\InvalidKeyProvided: It was not possible to parse your key, reason: error:0909006C:PEM routines:get_name:no start line in lcobucci/jwt/src/Signer/InvalidKeyProvided.php on line 13

Here's my configuration:

$config = Configuration::forAsymmetricSigner(
    new \Lcobucci\JWT\Signer\Rsa\Sha512(),
    LocalFileReference::file('/path/to/key.id_rsa'),
    LocalFileReference::file('/path/to/key.id_rsa.pem'),
);

I've created the SSH key and PEM file with the following commands:

ssh-keygen -t RSA -b 4096 # no passphrase
ssh-keygen -f key.id_rsa -e -m pem > key.id_rsa.pem

Sorry if that's a dumb question, but I'm not that familiar with cryptography 🙈
Thanks in advance!

Luís Cobucci
@lcobucci
@theLine there are no dumb questions 🙂
I've never used SSH keys for OpenSSL operations.
What you should look into is generating a key pair with openssl.
Luís Cobucci
@lcobucci
openssl genpkey -algorithm RSA -aes256 -out private.pem
openssl rsa -in private.pem -pubout -outform PEM -out public.pem
These should help you
Merck Ogoy
@m3rck_gitlab
Hi, I'm getting this error when I try to log in via the API on my PHP/Laravel endpoint:
It was not possible to parse your key, reason: in file /home/vagrant/code/btp/new_api/vendor/lcobucci/jwt/src/Signer/OpenSSL.php on line 90
any idea?
Luís Cobucci
@lcobucci
@m3rck_gitlab it looks like your keys are not configured. I can't tell you much more than that, I don't use Laravel
Merck Ogoy
@m3rck_gitlab
@lcobucci thanks for responding, what keys are those? thanks!
johnrhunt
@johnrhunt
Has anyone ever had a problem with nested claims and this package?
We're having some extreme weirdness on one of our production servers, with claims getting deeply nested for unknown reasons.
v3.3.3
Maybe that's too old; perhaps we should just try upgrading.
Luís Cobucci
@lcobucci
@johnrhunt that's extremely weird. The library's version shouldn't cause that. Can you send us a gist with the logic causing that?
johnrhunt
@johnrhunt
Not yet, but I might do soon. It's very, very odd behaviour. We have the same code deployed on two of our other production environments and it behaves as expected. We're currently in the investigation phase, but it's a bit complex as only our ops guys can do stuff on those envs.
Andrei Dascalu
@andrei-dascalu
Hello! Is there someone who can help a dumb beginner? With v4 I need to parse & validate a token that was signed with a private key. I have the public key, but I don't see how I can create a config with just a public key?
johnrhunt
@johnrhunt
There are two different ways of signing tokens: one is using a public key, the other is using a private key. I think commonly this is RS256 and HS256.
Two different ways I know of, anyway; you can probably do something with certificates too.
Daniel Strøm
@Danielss89
Hello. I'm creating a sign-in flow with Azure Active Directory, and I'm getting a JWT back. I can't seem to figure out how to parse/validate a token from a 3rd party? I would only need Azure's public key for this, but as I read in the docs, I always need to pass a private key to the config object too?