Use Base64Url instead of Base64 in JWT signature #614

Closed
hvge opened this issue Aug 12, 2024 · 3 comments
hvge commented Aug 12, 2024

The signJwtWithDevicePrivateKey() method of PowerAuthSDK is using a regular Base64 encoding instead of Base64Url encoding. Both Android and Apple platforms have this issue.

hvge added the bug label Aug 12, 2024
hvge self-assigned this Aug 12, 2024

hvge commented Aug 12, 2024

The fix will be available as a part of work on #604 but then must be cherry-picked to the 1.8.x branch.


hvge commented Aug 13, 2024

The signature calculation is also wrong. We don't include header data in the signature.


hvge commented Aug 28, 2024

There's another problem found in JWT signature calculation. The output binary blob containing the signature should be in JOSE format, instead of DER.

hvge closed this as completed in 6197f6f Sep 12, 2024
hvge added a commit that referenced this issue Sep 12, 2024
* Fix #614: Fixed JWT signature calculation (1.8.x release)
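
The three problems reported in this thread (Base64 instead of Base64Url, the header left out of the signed data, and a DER signature where JOSE format is expected) can be seen together in the short Python sketch below. It is an added example, not code from the PowerAuth SDK or from the fix; the ES256 algorithm, the 32-byte coordinate size, all function names and the sample bytes are assumptions constructed for illustration.

```python
import base64
import json

def b64url(data: bytes) -> str:
    """Base64Url without '=' padding, the encoding JWS uses for all three parts."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def signing_input(header: dict, payload: dict) -> bytes:
    """Bytes to sign: b64url(header) + '.' + b64url(payload), header included."""
    enc = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    return ".".join(enc).encode("ascii")

def _der_int(buf: bytes, pos: int):
    """Parse one short-form, non-negative DER INTEGER; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02 or buf[pos + 1] & 0x80:
        raise ValueError("expected short-form DER INTEGER")
    end = pos + 2 + buf[pos + 1]
    if end == pos + 2 or end > len(buf) or buf[pos + 2] & 0x80:
        raise ValueError("malformed DER INTEGER")
    return int.from_bytes(buf[pos + 2:end], "big"), end

def der_to_jose(der: bytes, coord_len: int = 32) -> bytes:
    """Convert DER SEQUENCE{INTEGER r, INTEGER s} to fixed-width r || s."""
    # Short-form SEQUENCE length only: enough for 32-byte coordinates (assumed P-256).
    if len(der) < 2 or der[0] != 0x30 or der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    r, pos = _der_int(der, 2)
    s, pos = _der_int(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    # to_bytes drops DER's sign-padding zero and left-pads short values.
    return r.to_bytes(coord_len, "big") + s.to_bytes(coord_len, "big")

def compact_jws(header: dict, payload: dict, der_signature: bytes) -> str:
    """Assemble header.payload.signature with a JOSE-format signature."""
    return signing_input(header, payload).decode() + "." + b64url(der_to_jose(der_signature))

# Constructed sample, not a real signature: r has its top bit set (DER adds 0x00),
# s is 31 bytes (JOSE must left-pad it to 32).
R = bytes([0xFF]) + bytes(range(1, 32))
S = bytes([0x7E]) + bytes(range(1, 31))
SAMPLE_DER = bytes([0x30, 0x44, 0x02, 0x21, 0x00]) + R + bytes([0x02, 0x1F]) + S
HEADER = {"alg": "ES256", "typ": "JWT"}  # assumed algorithm
PAYLOAD = {"sub": "example"}             # constructed claim
```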