Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Sep 22 17:57
    lcobucci commented #786
  • Sep 22 17:57
    lcobucci closed #786
  • Sep 22 17:57
    lcobucci assigned #786
  • Sep 22 17:57
    lcobucci labeled #786
  • Sep 22 17:56
    lcobucci commented #786
  • Sep 22 14:37
    Patrick-Remy commented #786
  • Sep 22 14:36
    Patrick-Remy commented #786
  • Sep 22 14:35
    SvenRtbg commented #786
  • Sep 22 14:31
    Patrick-Remy opened #786
  • Sep 17 09:20
    Ocramius labeled #785
  • Sep 17 09:20
    Ocramius labeled #785
  • Sep 17 09:20
    Ocramius assigned #785
  • Sep 17 09:20
    Ocramius closed #785
  • Sep 17 09:20
    Ocramius commented #785
  • Sep 17 09:18
    llbgo opened #785
  • Sep 10 07:54
    lcobucci closed #783
  • Sep 10 07:54
    lcobucci locked #783
  • Sep 10 07:54
    lcobucci commented #783
  • Sep 10 06:38
    SvenRtbg commented #783
  • Sep 10 06:29
    sarfarazsavvy opened #783
Luís Cobucci
@lcobucci
@theLine there are no dumb questions 🙂
I've never used SSH keys being used for openssl operations.
What you should into is generating a key pair with openssl
Luís Cobucci
@lcobucci
openssl genpkey -algorithm RSA -aes256 -out private.pem
openssl rsa -in private.pem -pubout -outform PEM -out public.pem
These should help you
Merck Ogoy
@m3rck_gitlab
hi, im getting this error when I try to login via api on my pap/laravel endpoint:
It was not possible to parse your key, reason: in file /home/vagrant/code/btp/new_api/vendor/lcobucci/jwt/src/Signer/OpenSSL.php on line 90
any idea?
Luís Cobucci
@lcobucci
@m3rck_gitlab it looks like your keys are not configured. I can't tell you much more than that, I don't use Laravel
Merck Ogoy
@m3rck_gitlab
@lcobucci thanks for responding, what keys are those? thanks!
1 reply
johnrhunt
@johnrhunt
has anyone ever had a problem with nested claims and this package?
we're having some extreme weirdness on one of our production servers with claims getting deeply nested for unknown reasons..
v3.3.3
maybe that's too old.. perhaps we should just try upgrading..
Luís Cobucci
@lcobucci
@johnrhunt that's extremely weird. The library's version shouldn't cause that. Can you send us a gist with the logic causing that?
johnrhunt
@johnrhunt
not yet, but I might do soon.. it's very, very odd behaviour. We have the same code deployed on two of our other production environments and it behaves as expected.. currently in the investigation phase but it's a bit complex as only our ops guys can do stuff on those envs
Andrei Dascalu
@andrei-dascalu
hello! is there someone who can help a dumb beginner? With v4 I need to parse & validate a token that was signed with a private key. I have the public key, but I don't see how I can create a config with just a public key?
johnrhunt
@johnrhunt
there's two different ways of signing tokens.. one is using a public key, the other is using a private key.. I think this commonly this is RS256 and HS256
two different ways I know of anyway.. you can probably do something with certificates too
Daniel Strøm
@Danielss89
Hello. I creating a sign-in flow with azure active directory, and i'm getting a jwt back. I can't seem to figure out how to parse/validate a token from 3rd party? I would only need azures public key for this, but as i read in the docs, i always need to pass a private key to the config object too?
Luís Cobucci
@lcobucci
max-php
@max-php:matrix.org
[m]
Hello
i am trying to make sound when database row will uptade
can you help me?
fdsgsven
@fdsgsven
Hi,
i have a question: I cretae a JWT with iat an DateTimeImmutable Object providing a certain timezone: new DateTimeZone('Europe/Berlin')
That is also visible if i dump the token object. But if i converti it to string and read it out the TZ is gone. Is this an expected behaviour?
Luís Cobucci
@lcobucci
@fdsgsven that's indeed expected because we use timestamps for the token (and they're always in UTC). If you add the timezone to the object, you'll have the local time converted to the correct time.
fdsgsven
@fdsgsven
@lcobucci Thank you for clarification.
Another question: I want to validate and external verified token. "Configuration::forAsymmetricSigner" want me to have a private key which i will never have. What would be the best practice to validate such a token? (i could generate a dummy private key but doesn't feel right)
Luís Cobucci
@lcobucci
Yassine Rais
@yassinrais
@max-php:matrix.org hey, you are posting in the wrong group, this is only for the lcobucci/jwt library , also your question is not a general question its a complex full steps to do, and you should have at least basic of php before you are trying to make it, no one will help you in that case ! facts\
fdsgsven
@fdsgsven
Ok that answers my question perfectly. Thank you @lcobucci
Josh Lewis!
@joshlewis

Hey all. I'm trying to use the lcobucci/jwt library to verify a JWT given by Amazon Cognito.

I believe this is the type of token that is supposed to be verified only using the public key without access to the private key, but I'm not totally sure of that. I'm not trying to create a JWT, only to verify one.

Regardless, Cognito has something they call a "public JSON Web Key". Does lcobucci/jwt work with JWKs? I don't see any reference to them in the documentation.

Here's an example of a JWK: https://www.gstatic.com/iap/verify/public_key-jwk It's probably more correct to say that's a set of them, not just one.
Josh Lewis!
@joshlewis
You know, I think https://github.com/lcobucci/jwt/discussions/720 might actually answer part of my question too. :D
Luís Cobucci
@lcobucci
Hey @joshlewis 👋 we don't yet support JWKs but there are tools you can use to convert a JWK into a PEM certificate or the key you need to pass to the lib
stephaneThannio
@stephaneThannio
Hello all how to declare $container with this project?
Thanks a lot
Luís Cobucci
@lcobucci
@stephaneThannio it does not. Perhaps you've missed the note at the top of page (eg https://lcobucci-jwt.readthedocs.io/en/stable/issuing-tokens/)
The examples here fetch the configuration object from a hypothetical dependency injection container. You can create it in the same script or require it from a different file. It basically depends on how your system is bootstrapped.
Constantinos Sergiou
@constantinosergiou
Hello all
i have this issue Class 'App\Http\Controllers\Lcobucci\JWT\Signer\Hmac\Sha256' not found
Constantinos Sergiou
@constantinosergiou
fixed :)
Mohinish Sharma
@mohinishsharma
Hi all,
im trying to use this lib with lumen and im getting Target [Lcobucci\JWT\Configuration] is not instantiable.
can anyone help me out in this?
Luís Cobucci
@lcobucci
@mohinishsharma check which version of the library is installed on your project. That class only exists on v3.4+
Rose Riyadh
@RoseRiyadh
hello, I'm trying to get my laravel project upgraded from 5.8 up to 8 to have sign in with apple, I'm getting this error Class 'Lcobucci\JWT\Validation\Constraint\LooseValidAt' not found
what should I do?
@lcobucci
Marco Pivetta
@Ocramius
Sounds like the dependency to lcobucci/jwt is broken in your project. LooseValidAt exists in 4.2.x: https://github.com/lcobucci/jwt/blob/a8acedb920bb48de30bad1aa9e6d242903ecd693/src/Validation/Constraint/LooseValidAt.php#L13 . It does not exist in 3.x, so your dependency got upgraded, probably because a laravel component did not declare compatibility with 3.x specifically.
ah, sorry, the opposite
code needs 4.x code, but you are using 3.x
Rose Riyadh
@RoseRiyadh
@Ocramius so I should update my lcobucci to ^4