Invalid JWT signature
-
Hi folks,
We use the endpoint /oauth2/token and we receive the tokens. We copy paste the tokens in jwt.io to check signature validity (we also copy paste the secret). Strangely enough
- access_token seems to have an invalid signature
- id_token seems to have a valid signature
Is this normal? We would like to use the access_token because it contains user roles. The automatic JWT token validation built into ASP.NET Core rejects it.
Kind regards
-
Thanks for the question!
If you are accessing our token endpoint and asking for a token, and have an invalid signature - there could be a few causes. It may be related to how you are checking the signature. There are a few ways to do this if using a third-party library to validate a signature and there is room for error -- as I have experienced myself.
I was able to take the client secret (from the OAuth configuration screen, Applications > Your App > OAuth tab) and validate a recently generated access token using the following curl command:

curl --request POST \
  --url https://local.fusionauth.io/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=authorization_code \
  --data 'client_id=<your_client_id>' \
  --data 'client_secret=<your_secret>' \
  --data 'code=<your_auth_code>' \
  --data redirect_uri=http://www.google.com

JWT.io verified the signature as valid:
One thing to confirm is if you are on the latest version of FusionAuth.
Aside from that, please feel free to log an issue below with the details of your bug.
https://github.com/FusionAuth/fusionauth-issues/issues/new/choose
Thanks,
Josh
-
Hi @joshua thanks for the feedback.
Regarding the client secret, the one I use starts with Q9 and ends with dA. It's the one for the delta-dev application. Are we using the same?
I don't understand your remark regarding latest version of FusionAuth. This service is on the cloud, right? You are updating it, no? It's not on premises AFAIK? I see in the menu "FusionAuth version 1.28.1". Is this the latest version? If not, how should we upgrade?
If you prefer to create an issue instead of talking on this forum, I can create a ticket.
Thanks
-
Forget my answer above. I just realized we use FusionAuth on premises and not on the cloud. We will see how we can upgrade our old version.
-
I don't understand your remark regarding latest version of FusionAuth
This was only to indicate that if you are on an older version of FusionAuth, then the fix might be to upgrade to a newer version, especially if the release notes indicate that a fix may have been implemented.
Thanks,
Josh
-
We have a section in our documentation that covers upgrading which you may find helpful as well.
Thanks,
Josh
-
Thanks @joshua I'll transmit the link to our infra team. Hopefully the upgrade will happen soon. Currently we use version 1.28.1, from one year ago. Do you think an upgrade could affect JWT signatures?
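
An added example, not part of the thread and not FusionAuth code: reading each token's header (alg, kid) and checking the HMAC signature locally, so that neither the tokens nor the client secret have to be pasted into a website. The tokens, secret and kid below are constructed, and the access token is deliberately signed with a different key to reproduce the symptom; that is an illustration, not a diagnosis of the poster's setup. It assumes the secret is used as UTF-8 bytes.

```python
import base64, hashlib, hmac, json

HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_header(token: str) -> dict:
    """Decode the (unverified) JOSE header to read alg and kid."""
    return json.loads(b64url_decode(token.split(".")[0]))

def verify_hmac(token: str, secret: str) -> bool:
    """Verify an HS256/384/512 signature with a shared secret, offline."""
    alg = jwt_header(token).get("alg")
    digest = HASHES.get(alg)
    if digest is None:
        # RS*/ES*/none: a shared secret cannot verify these; a public key is needed.
        raise ValueError(f"alg {alg!r} is not HMAC; the client secret cannot verify it")
    signing_input, signature = token.rsplit(".", 1)
    expected = hmac.new(secret.encode(), signing_input.encode(), digest).digest()
    return hmac.compare_digest(expected, b64url_decode(signature))

def make_sample(header: dict, payload: dict, key: str) -> str:
    """Build a constructed sample token, HMAC-SHA256 signed with `key`."""
    body = ".".join(b64url_encode(json.dumps(p, separators=(",", ":")).encode())
                    for p in (header, payload))
    sig = hmac.new(key.encode(), body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64url_encode(sig)}"

# Constructed sample data (hypothetical secret, key and kid).
CLIENT_SECRET = "constructed-client-secret"
ID_TOKEN = make_sample({"alg": "HS256", "typ": "JWT"}, {"sub": "u1"}, CLIENT_SECRET)
ACCESS_TOKEN = make_sample({"alg": "HS256", "typ": "JWT", "kid": "other-key"},
                           {"sub": "u1", "roles": ["admin"]}, "a-different-key")

def compare(id_token: str, access_token: str, secret: str) -> dict:
    """Report header and local verification result for both tokens."""
    tokens = {"id_token": id_token, "access_token": access_token}
    return {name: {"header": jwt_header(t), "valid": verify_hmac(t, secret)}
            for name, t in tokens.items()}

if __name__ == "__main__":
    for name, result in compare(ID_TOKEN, ACCESS_TOKEN, CLIENT_SECRET).items():
        print(name, result)
```

If the two headers show a different alg or kid, the validator needs the key that matches each token rather than one shared secret for both.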