You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am building an app that accepts 2 different JWTs for authentication, 1 that is generated by the app itself, 1 that is generated by an external entity.
As a result I am using 2 signers,
app.jwt.signers.use(.hs256(key: authSecret)) // For local app auth
app.jwt.signers.use(.es256(key: .public(pem: ecdsaPublicKey)) // For external entity JWT auth
Per Vapor doc it should work, my app should accept either JWT and authenticate
But in reality it is only using the 1st signer, or whichever is set to default. If the 1st signer fail to validate the JWT, authentication fails with the error: signature verification failed
If I declare the ECDSA signer 1st, I can only validate JWTs with this signer, other JWTs will fail with the error signature verification failed
Is it a bug or expected behavior ?
If expected behavior, how can I accept 2 different JWTs ?
Note: I also tried with kid, but this expects the external entity to generate a JWT with the kid as well.
Expected behavior
Vapor should loop through the signers and verify the JWT.
Authentication should succeed if any of the signer is able to verify the JWT, and fail only if none of the signers can verify.
Environment
Vapor Framework version: 4.67.3 - 4.77.0
JWT version: 4.2.1
The text was updated successfully, but these errors were encountered:
Describe the bug
I am building an app that accepts 2 different JWTs for authentication, 1 that is generated by the app itself, 1 that is generated by an external entity.
As a result I am using 2 signers,
Per Vapor doc it should work, my app should accept either JWT and authenticate
But in reality it is only using the 1st signer, or whichever is set to default. If the 1st signer fail to validate the JWT, authentication fails with the error:
signature verification failed
If I declare the ECDSA signer 1st, I can only validate JWTs with this signer, other JWTs will fail with the error
signature verification failed
Is it a bug or expected behavior ?
If expected behavior, how can I accept 2 different JWTs ?
Note: I also tried with
kid
, but this expects the external entity to generate a JWT with the kid as well.Expected behavior
Vapor should loop through the signers and verify the JWT.
Authentication should succeed if any of the signer is able to verify the JWT, and fail only if none of the signers can verify.
Environment
The text was updated successfully, but these errors were encountered: