Comments (6)
Are you sure that you're not double-encoding the token? As in doing URL-encoding of the token twice?
Also, could you please provide the token?
from galene.
Sorry, forgot the token:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJycnVzZXIiLCJhdWQiOiJodHRwczpcL1wvZ2FsZW5lLnNlcnZlci50c3Q6ODAwOFwvZ3JvdXBcL2V4dFwvIiwicGVybWlzc2lvbnMiOlsicHJlc2VudCJdLCJpYXQiOjE2NzEyMjUxMTcsImV4cCI6MTY3MTIyODcxNywiaXNzIjoiaHR0cHM6XC9cL2F1dGguZXhhbXBsZS5vcmcifQ.mIp1tTkp2DF0UKTh8dztV6JbSpfn7ev22v9YFFKj1f0
I used this as it is here as url arg ?token=
For generating the token I was using a PHP library ReallySimpleJWT, but tried it although with the python jwt
from galene.
MYz3IfCq4Yq-UmPdNqWEOdPl4C_m9imHHs9uve#DUJGQ
The #
sign is not allowed in Base64. I think you made a mistake when you copied the key.
from galene.
Thank you for the fast answer!
It's funny, I followed this rule: https://github.com/RobDWaller/ReallySimpleJWT#secret-strength
(so yes, I changed the key from your example slightly) not sure if the security consideration that is mentione is correct?
But https://dinochiesa.github.io/jwt/ validates it as correct.
Or am I absolutely wrong? Is the "k": .... the secret in base64 ???
from galene.
Is the "k": .... the secret in base64 ???
Yes. See RFC 7518 Section 6.4.1:
The "k" (key value) parameter contains the value of the symmetric (or
other single-valued) key. It is represented as the base64url
encoding of the octet sequence containing the key value.
User-provided passphrases tend to be weak. For shared tokens between servers, it is better to generate the secrets using a strong random number generator. The jose
utility can be used to do that:
jose jwk gen -i '{"alg": "HS256"}'
If you think it's useful, I can write a utility to generate suitable keys and include it with Galene.
from galene.
Great, that was my fault and solves my Problem!
(I am able to read, but I probably reading the wrong things =) )
from galene.
Related Issues (20)
- any api available? HOT 6
- Websocket connection fails on Firefox HOT 3
- installing instructions not clear at all HOT 3
- display connection time in the UI HOT 5
- token managment HOT 6
- Would it be possible to use the github "releases" feature HOT 3
- WHIP authorization / authentication ? HOT 1
- Same user can login twice/ thrice/ ecc.. HOT 8
- Feature request: log ip + username when they join a room HOT 8
- /kick (anon) results in "Error: Unknown user (anon)" HOT 5
- feature request: mute a user in chat. (maybe /quiet /unquiet) HOT 4
- Feature request: ability remove specific messages from chat HOT 1
- best way to send the URL to another user for impromptu video conferences. HOT 3
- Feature request: Add UUID to username metadata of chat HOT 4
- example config and groups HOT 5
- Feature request: Optionally disable anonymous login HOT 9
- Feature request: Profiles & TEN OTHERs HOT 2
- Add a chat command for disabling screen sharing HOT 2
- Feature request (Accessibility): Optional Speech-to-Text (STT) integration HOT 3
- Geo links not parsed correctly
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from galene.