DomainException with message 'OpenSSL unable to sign data'
vino-jasuba opened this issue · 6 comments
I'm trying to use the jwt_encode() function to create a JWT ... I have supplied the payload, a private key and specified the algorithm to use as 'RS256' ... but I keep getting the above exception. I have spent hours googling what the issue could be but I'm getting nowhere. Please help.
What's your version of OpenSSL? Show me the scripts you execute, including public and private keys.
I have an example for RSA, you can look at it as a contrast.
openssl version
OpenSSL 1.1.0h 27 Mar 2018
$token = <<< TOD
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfS1ViX2pkVjBhRExFSlFZcFFaOXM4LWw5REtDTWdzZklHMjRFcnRUdEtnIn0.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.DRjRgpCez02UBWKuQhFukKT0jQyYl-Ky3RWxJn1aY3sIxd4qPIuI5owEavIGcM79EBnnzZpb5LuoZUwJfe4BDrZVsY4eu-aKfhrU1bzLmprAZit36Zv4safCAOxxXD6wT1dlrEvXA97uQizIloF9O2kEcyZi9MapSJmFhcVRi1nfExXvx6TY3JZCPZ7_EOBJ04WAYtm_Vfdqvb_-ldgs0h86LzXWepWx7KtlMp5gJjIcrQE8ZVL1K5eIVqcRBEI97_rLyOpeHls5qtI9i4ccQFzX1yHBDpMPpS4aGEVEoGjfvh-K7N-g0QYZXXYgnxZ3d3sXZDnsDwji_UD_NvRyDQ
TOD;
$publicKey = <<< TOD
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgewaPIwPW9AXblJP77MQKvwhI2DxgXoTAQGzDZRBtB7VaWfFNVr9O8WV5iBD1lqSvwnh+D4boszgiabDM2j49b1yyYLbiyQN8hpKpMfziMvHwxR06uLh0epsSu1hGjMFgQN88aya4XRaxDH/QEVVjUjNUVcZ5hqU4uZreW4qTGq7qH6SuZ4x7g6TnFllhj6Wv5Cs91u20RnI00PXEzMaKEHQb1oMd7Eydi6PqdJJTJqyb+/4PJdeOAEP/u5O4iUA4r0UiPlcSVk9EYiAICbsPkWI+bdN8JdJiFqc8UfYH6IOtLjoh6pRz3vo1qTSZ/F/kFTBg3WXYSecQ6ZSwv6LWwIDAQAB
-----END PUBLIC KEY-----
TOD;
jwt_decode($token, $publicKey, ['algorithm' => 'RS256'])
PHP Warning: jwt_decode(): aud type must be array in Psy Shell code on line 1
PHP Warning: jwt_decode(): aud type must be array in Psy Shell code on line 1
Audience type must be an array:
$payload = [
    'data' => 'data',
    'aud' => ['Young', 'Old']
];
$token = jwt_encode($payload, $privateKey, 'RS256');
print_r(jwt_decode($token, $publicKey, ['algorithm' => 'RS256']));
So what do I do with a token that decodes to a JSON document with an aud type of a string ... like this one here
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJUTG80bE81dVNZRktfNGRPQ0l1NDg0YTN5dG13M3U4SlFYWlNqRFNESFI4In0.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.OfI6HmrKAk33rpWvCAsnfAG5KLhp8cF0J9pwpdYKdHTKReCBIdr1fD3lItHDzbqhuN9-vB7ebcQPQ1hA1Lx_Q_e31F0Azqb_GlcdLD9cKUJTSiiM5OC6f1g_BZA_jBKoosjZGNDoSmsUYKK9FKmfvpefzr2jPBi_ZYOOGLHJUJIdLkdJZHtdNzR9r9WBfAwfBoqJKTHjWX9HAShrUjwBD7J2vNJBimDUMlexuFohCmVcD3iRr3fdfMqQ61kqpe8XjjwhEi1E0GLkqJ59-HqaKujt0aIskUuCTKHPd938XYsQ2som3o544K53SZAVWCQy-9c0-Meb4BSe0X-NmKqoSg
which decodes to
{
  "jti": "1b5482a1-f7fd-4ad0-a052-3306823677d7",
  "exp": 1531657407,
  "nbf": 0,
  "iat": 1531656807,
  "iss": "http://localhost:8080/auth/realms/ujuzy",
  "aud": "ujuzy_api",
  "sub": "ffb1f48d-84b7-4786-878f-ddd5d5a49d3a",
  "typ": "Bearer",
  "azp": "ujuzy_api",
  "auth_time": 0,
  "session_state": "abb67fea-86b0-4f3f-9a6e-48a989504589",
  "acr": "1",
  "allowed-origins": [],
  "realm_access": {
    "roles": [
      "uma_authorization"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "name": "Karuga Teresia",
  "preferred_username": "tess",
  "given_name": "Karuga",
  "family_name": "Teresia",
  "email": "karuga@gmail.com"
}
The string type is not supported at present; I will add string type support in the next version.
You can use it like this right now:
{
  "aud": ["ujuzy_api"]
}
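
Added example, not from this thread and not php-jwt's own code: RFC 7519 (section 4.1.3) allows `aud` to be either a single string or an array of strings, so a consumer that cannot change the issuer can verify the RS256 signature with PHP's openssl functions and normalise the claim itself. The helper names, the throwaway key pair and the demo token are constructed for illustration, and requiring `exp` is a policy choice of this sketch.

```php
<?php
// Added example; helper names are hypothetical, not part of php-jwt.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    $bin = base64_decode(strtr($txt, '-_', '+/') . $pad, true);
    if ($bin === false) {
        throw new UnexpectedValueException('bad base64url segment');
    }
    return $bin;
}
// Verify an RS256 token and accept "aud" as a string or an array of strings.
function verify_rs256(string $jwt, string $publicKeyPem, string $expectedAud): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new UnexpectedValueException('token must have three segments');
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm on the verifier side; do not let the header choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        throw new UnexpectedValueException('unexpected alg');
    }
    if (openssl_verify("$h.$p", b64url_decode($s), $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new UnexpectedValueException('signature check failed');
    }
    // Claims are only read after the signature has been verified.
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims) || !isset($claims['exp']) || time() >= $claims['exp']) {
        throw new UnexpectedValueException('missing or expired exp');
    }
    $aud = $claims['aud'] ?? [];
    $aud = is_string($aud) ? [$aud] : $aud;   // normalise to a list
    if (!is_array($aud) || !in_array($expectedAud, $aud, true)) {
        throw new UnexpectedValueException('audience mismatch');
    }
    $claims['aud'] = $aud;
    return $claims;
}
// Constructed demo: throwaway key pair, token with a string "aud" as in the thread.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$input = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])) . '.'
       . b64url_encode(json_encode(['aud' => 'ujuzy_api', 'exp' => time() + 300]));
openssl_sign($input, $sig, $key, OPENSSL_ALGO_SHA256);
print_r(verify_rs256($input . '.' . b64url_encode($sig), $pub, 'ujuzy_api'));
```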