Comments (9)
Can you provide a little bit more context, a little sample code that fails? I telling that because it there are unit test for rsa/dsa https://github.com/funcool/buddy-sign/blob/master/test/buddy/sign/jws_tests.clj#L132 that passes properly.
from buddy-sign.
Here is my minimal example:
(ns backend.utils.jwt
(:require
[clojure.java.io :as io]
[clj-time.core :as t]
[buddy.sign.jws :as jws]
[buddy.core.keys :as keys]))
(defn- private-key []
(keys/private-key
(io/resource "keys/ecprivkey.pem")))
(defn- public-key []
(keys/public-key
(io/resource "keys/ecpubkey.pem")))
(defn new-token
[res]
(let [exp (t/plus (t/now) (t/days 1))]
(jws/sign res (private-key) {:exp exp})))
(defn from-token
[token]
(try
(jws/unsign token (public-key))
(catch Exception e
(do (prn e)
nil
))))
(comment
(def token (new-token {:foo "bar"}))
(jws/unsign token (pubkey))
)
I hope there is no problem in conflicted deps, I have :pedantic? :abort
on in my project.clj
.
If I add custom alg when signing ( {:alg :es512}
, I got his error when I unsign :
IllegalArgumentException No matching method found: initVerify for class java.security.Signature$Delegate clojure.lang.Reflector.invokeMatchingMethod (Reflector.java:80)
from buddy-sign.
I have missing specify the algoriththm:
(jws/sign res (private-key) {:alg :es256 :exp exp})))
from buddy-sign.
Using just your code and replacing the paths of the key pair and adding the :es256
or :es512
algorithm it just works.
from buddy-sign.
yeah, I think it should work too. I doubt there are deps conflictions in my code base. hmm
from buddy-sign.
You have been able to solve the problem?
from buddy-sign.
@niwinz I haven't retried it yet, work on another task. I will retry soon and report the results.
from buddy-sign.
I think there is something wrong with my project, I'm not sure, I don't have time to debug the problem yet. But copying the example from you, everything works fine now. Thanks for helping :)
from buddy-sign.
Nice to know! Thanks!
from buddy-sign.
Related Issues (20)
- Is ES384 omitted purposefully? HOT 6
- Supporting custom headers HOT 3
- `iss` validation should be against a collection ("whitelist") HOT 2
- Support for looking up public keys via OIDC discovery HOT 19
- Handle java.security.SignatureException for JWS applications HOT 1
- Where is jws/to-timestamp? HOT 1
- EdDSA JWS support HOT 1
- JWS ECDSA Signatures are generated in incorrect format HOT 2
- New release? HOT 1
- JWT signatures invalid according to jwt.io website HOT 2
- 2.* -> 3.*: what's the upgrade path? What are the breaking changes? HOT 1
- Problem upgrading Buddy-sign from 0.3.0 to 2.2.0 HOT 1
- Suggestion: Allow audience validation against collection of valid audiences HOT 4
- JWS unsigned alg should be read out of the JOSE header if available HOT 3
- Errors in using :eddsa algo for claims signing HOT 1
- [PERFORMANCE] - avoid reflective calls HOT 6
- buddy.sign.jwt/unsign fails when hs256 is not used and alg is unspecified HOT 4
- Buddy JWT doesn't support the NONE algorithm HOT 1
- Tag and Changelog Version 3.4.351 Wrong HOT 1
- Call resolve-key in sign function on pkey HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from buddy-sign.