Hi pheonix,
Unless I'm mistaken, if you have used a private key to sign the token, the decode_token function will fail if you use the wrong public key.
It might help if you could post the code which you have written so we can see how you are encoding and decoding the tokens.
Heres a quick test I ran which shows that if you are using the 'RS256' algorithm the decoding will fail without the correct key:
#! /usr/bin/env perl use strict; use warnings; use autodie; use Test::More; use Data::Dumper; use File::Slurp; use Crypt::JWT qw(encode_jwt decode_jwt); my $private_key = read_file('throwaway.pem'); my $public_key = read_file('throwaway.pem.pub'); my $wrong_public_key = read_file('fake_key.pem.pub'); my $payload = { just => 'another', perl => 'hacker' }; my $token = encode_jwt( payload => $payload, key => \$private_key, alg => 'RS256' ); ok( decode_jwt( token => $token, key => \$public_key ) ); ok( decode_jwt( token => $token, key => \$wrong_public_key )); done_testing(); $ ./test_jwt.pl ok 1 JWS: decode failed at ./test_jwt.pl line 26. # Tests were run but no plan was declared and done_testing() was not s +een. # Looks like your test exited with 255 just after 1.
Hope this helps,
Jim
In reply to Re: Validating JWT
by jimpudar
in thread Validating JWT
by phoenix.fire
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |