max-php
@max-php:matrix.org
[m]
can you help me?
fdsgsven
@fdsgsven
Hi,
I have a question: I create a JWT with iat as a DateTimeImmutable object providing a certain timezone: new DateTimeZone('Europe/Berlin')
That is also visible if I dump the token object. But if I convert it to a string and read it out, the TZ is gone. Is this expected behaviour?
Luís Cobucci
@lcobucci
@fdsgsven that's indeed expected because we use timestamps for the token (and they're always in UTC). If you add the timezone to the object, you'll have the local time converted to the correct time.
fdsgsven
@fdsgsven
@lcobucci Thank you for clarification.
Another question: I want to validate an external verified token. "Configuration::forAsymmetricSigner" wants me to have a private key, which I will never have. What would be the best practice to validate such a token? (I could generate a dummy private key but that doesn't feel right)
Luís Cobucci
@lcobucci
Yassine Rais
@yassinrais
@max-php:matrix.org hey, you are posting in the wrong group, this is only for the lcobucci/jwt library, also your question is not a general question, it's a complex full set of steps to do, and you should have at least the basics of PHP before you try to make it, no one will help you in that case! facts
fdsgsven
@fdsgsven
Ok that answers my question perfectly. Thank you @lcobucci
Josh Lewis!
@joshlewis

Hey all. I'm trying to use the lcobucci/jwt library to verify a JWT given by Amazon Cognito.

I believe this is the type of token that is supposed to be verified only using the public key without access to the private key, but I'm not totally sure of that. I'm not trying to create a JWT, only to verify one.

Regardless, Cognito has something they call a "public JSON Web Key". Does lcobucci/jwt work with JWKs? I don't see any reference to them in the documentation.

Here's an example of a JWK: https://www.gstatic.com/iap/verify/public_key-jwk It's probably more correct to say that's a set of them, not just one.
Josh Lewis!
@joshlewis
You know, I think https://github.com/lcobucci/jwt/discussions/720 might actually answer part of my question too. :D
Luís Cobucci
@lcobucci
Hey @joshlewis 👋 we don't yet support JWKs but there are tools you can use to convert a JWK into a PEM certificate or the key you need to pass to the lib
stephaneThannio
@stephaneThannio
Hello all how to declare $container with this project?
Thanks a lot
Luís Cobucci
@lcobucci
@stephaneThannio it does not. Perhaps you've missed the note at the top of page (eg https://lcobucci-jwt.readthedocs.io/en/stable/issuing-tokens/)
The examples here fetch the configuration object from a hypothetical dependency injection container. You can create it in the same script or require it from a different file. It basically depends on how your system is bootstrapped.
Constantinos Sergiou
@constantinosergiou
Hello all
I have this issue: Class 'App\Http\Controllers\Lcobucci\JWT\Signer\Hmac\Sha256' not found
Constantinos Sergiou
@constantinosergiou
fixed :)
Mohinish Sharma
@mohinishsharma
Hi all,
I'm trying to use this lib with Lumen and I'm getting: Target [Lcobucci\JWT\Configuration] is not instantiable.
can anyone help me out in this?
Luís Cobucci
@lcobucci
@mohinishsharma check which version of the library is installed on your project. That class only exists on v3.4+
Rose Riyadh
@RoseRiyadh
hello, I'm trying to get my laravel project upgraded from 5.8 up to 8 to have sign in with apple, I'm getting this error Class 'Lcobucci\JWT\Validation\Constraint\LooseValidAt' not found
what should I do?
@lcobucci
Marco Pivetta
@Ocramius
Sounds like the dependency to lcobucci/jwt is broken in your project. LooseValidAt exists in 4.2.x: https://github.com/lcobucci/jwt/blob/a8acedb920bb48de30bad1aa9e6d242903ecd693/src/Validation/Constraint/LooseValidAt.php#L13 . It does not exist in 3.x, so your dependency got upgraded, probably because a laravel component did not declare compatibility with 3.x specifically.
ah, sorry, the opposite
code needs 4.x code, but you are using 3.x
Rose Riyadh
@RoseRiyadh
@Ocramius so I should update my lcobucci to ^4
@Ocramius it's locked on 4.1.4
Rose Riyadh
@RoseRiyadh
@Ocramius i did it and it worked, thank you so much!
Ashish Vinayak
@ashishvinayak
JWT expires automatically before expiresAt('8 hour'). I am unable to understand why. I found a related issue at lcobucci/jwt#622, yet I am still unsure if my validation is correct. I've posted my code below. Could someone please help me?
private function issue($user){
    $config = $GLOBALS["tokenConfig"];           
    assert ($config instanceof Configuration);

    $now = new DateTimeImmutable();
    $this->token = $config->builder()    
            // sub
            ->relatedTo($user->user_id)
            // issue by
            ->issuedBy("https://testpage.com/")
            // iat
            ->issuedAt($now)
            // jwt expire
            ->expiresAt($now->modify('8 hour'))
            // builds a new token
            ->getToken($config->signer(), $config->signingKey());
}

/**
 * Validate token string
 */
private function Validator(string $cookie){
    $config = $GLOBALS["tokenConfig"];
    assert ($config instanceof Configuration);
    // parse token
    try {
        $token = $config->parser()->parse($cookie);
    }
    catch (\Exception $e){
        return false;
    }
    assert ($token instanceof UnencryptedToken);
    // constraints registered on the configuration object
    $constraints = $config->validationConstraints();        
    // validate
    try {
        $config->validator()->assert($token, ...$constraints);
    }
    catch (RequiredConstraintsViolated $e) {
        return false;
    }
    return true;
}
Ashish Vinayak
@ashishvinayak
@lcobucci Any suggestions?
Luís Cobucci
@lcobucci
@ashishvinayak we'd need to see a sample token and the list of constraints you're using.
Also, if you just need to return a boolean result, I'd suggest using Validator#validate()
Anton Smirnov
@sandfox_gitlab
Greetings
How to submit security issues, well, securely?
Marco Pivetta
@Ocramius
@sandfox_gitlab would say email - lcobucci AT gmail
Or ocramius AT gmail
Anton Smirnov
@sandfox_gitlab
Thank you
R. Mohammad
@rmohammad25
@lcobucci Good morning. I follow the steps on issuing tokens etc. (which is working fine). My question is why it's not all random (only the first part and second), see image? Sorry, newbie here.
Luís Cobucci
@lcobucci
@rmohammad25 it's because of JWTs' structure. I believe those are two different tokens with almost same claims (probably time difference only). Which means that the encoded headers and claims are essentially the same.
R. Mohammad
@rmohammad25
Thanks @lcobucci .
balamurugan natarajan
@bala03:matrix.org
[m]
Hi, I am also a new user of jwt, facing the issue of an undefined container while generating the token as provided in the documentation
[2021-11-09 16:59:58] local.ERROR: Undefined variable: container {"exception":"[object] (ErrorException(code: 0): Undefined variable: container at C:\wamp64\www\laravel\idpal_setup\app\Http\Controllers\ZendeskController.php:21)
balamurugan natarajan
@bala03:matrix.org
[m]
Hi, I didn't get any response on Slack, please help me to fix the issues
Luís Cobucci
@lcobucci
@bala03:matrix.org maybe this can help https://gitter.im/lcobucci/jwt?at=60918907ff705616c77129cc
balamurugan natarajan
@bala03:matrix.org
[m]
HI @lcobucci Thanks for your reply
balamurugan natarajan
@bala03:matrix.org
[m]
@lcobucci: hi, what is jti? How do we generate that, with Laravel or using lcobucci packages? Sorry, I don't have an idea how to provide it
balamurugan natarajan
@bala03:matrix.org
[m]
Thanks, I see, I generated the token