bennadel / jsonwebtokens.cfc
This is a ColdFusion gateway to help encode and decode JSON web tokens.
License: Other
I'm working with an authentication system that has given me an x509 certificate for the public key and when I try to decode the token using this library, I get this error: "Invalid RSA public key encoding."
I am able to successfully validate the signature on the jwt.io decoder so I'm pretty sure it's not a problem with the tokens or the certificate, but rather something in the Java being used by ColdFusion. I've tried tweaking it as much as I know how and I've gotten nowhere. Do you have any suggestions?
I'm pretty sure my code should work:
<cfset jwt = new lib.JsonWebTokens()>
<cfset payload = jwt.decode( token, "RS256", "#certString#" )>
Or am I missing something?
Thanks!
I've tested this lib with Google API JWT, but I got an error:
can't decode the base64 input string [notasecret], because the input
string has an invalid length
notasecret is the default password for Google JWT. The error is probably due to Base64url encoding.
Something like this:
reReplace(reReplace(reReplace(str, "\+", "-", "all"), "\/", "_", "all"),"=", "", "all")
could resolve the issue.
Here is a reference: https://developers.google.com/identity/protocols/OAuth2ServiceAccount
Hello,
I ported the code to an old version of CFML. I don't know if you face this problem, but the padding function was broken:
function convertToBase64( input ) {
    input = replace( input, "-", "+", "all" );
    input = replace( input, "_", "/", "all" );
    var paddingLength = ( 4 - ( len( input ) mod 4 ) );
    return( input & repeatString( "=", paddingLength ) );
}
When the input length is a multiple of 4, the modulo yields 0, so 4 - 0 yields 4, and we have a useless padding ==== added to the string.
I figured it out with this simple payload: 'payload' (i.e. the simple word "payload" as a string). The JSON version ("payload") will be transformed to "payload when decoding (so there is a missing quote), and the JSON unserialize will just yield null.
I'm not 100% sure whether this behaviour is because of the unwanted padding, but the problem disappears with this dumb version of the function:
function convertToBase64( input ) {
    input = replace( input, "-", "+", "all" );
    input = replace( input, "_", "/", "all" );
    switch(len( input ) mod 4) {
        case 1: return input & '===';
        case 2: return input & '==';
        case 3: return input & '=';
        default: return input;
    }
}
I will not make a pull request because of the old version of the code we are using and because I'm not sure of what is the deep truth about this :)
Cheers.
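The padding rule discussed in the post above, as an added example in Python (not part of the original post and not code from jsonwebtokens.cfc): it compares the quoted `4 - (len mod 4)` computation with `(4 - len mod 4) mod 4` and decodes a JWT segment strictly. All function names and the sample segment are constructed for illustration.

```python
import base64
import json
import re

# Unpadded base64url alphabet only: no '+', '/', '=' or whitespace.
_B64URL = re.compile(r"[A-Za-z0-9_-]*")


def buggy_padding(segment: str) -> int:
    """Padding count as computed by the first convertToBase64() in the post."""
    return 4 - (len(segment) % 4)


def padding_needed(segment: str) -> int:
    """Number of '=' needed to reach a multiple of 4: always 0, 1 or 2."""
    remainder = len(segment) % 4
    if remainder == 1:
        # One leftover character carries 6 bits, less than a byte, so no
        # valid base64url string has this length. Reject, do not pad.
        raise ValueError("invalid base64url length")
    return (4 - remainder) % 4


def b64url_encode(raw: bytes) -> str:
    """Encode to base64url without padding, as JWT segments are written."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Strictly decode one unpadded base64url segment."""
    if not _B64URL.fullmatch(segment):
        raise ValueError("character outside the base64url alphabet")
    padded = segment + "=" * padding_needed(segment)
    return base64.b64decode(padded, altchars=b"-_", validate=True)


# Constructed sample: the post's payload, the JSON string "payload".
# It is 9 bytes, so its encoding is 12 characters, a multiple of 4.
SAMPLE = b64url_encode(json.dumps("payload").encode("utf-8"))

if __name__ == "__main__":
    for seg in (SAMPLE, b64url_encode(b'{"a":1}')):
        print(seg, "len mod 4 =", len(seg) % 4,
              "buggy =", buggy_padding(seg),
              "needed =", padding_needed(seg),
              "decoded =", b64url_decode(seg))
```

The two formulas agree except when the segment length is already a multiple of 4, which is the case the post's payload hits.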
I didn't spend a lot of time on this, but I got it working by scoping global variables in the CFCs.
Also it might be worth noting that real-world examples would likely require quotes around the payload properties.
Hit me up if you're interested in knowing what I did. Otherwise, if this project isn't really needed anymore and a different library would be better, adding that to the docs would be great.