Cannot match header

Question

Cannot match header

Closed this issue 7 years ago · 3 comments

不太懂erlang，但是看了半天后感觉src/emq_auth_jwt.erl的39行左右是有问题的。

在我的应用中，Header的内容是：{"alg":"HS256","typ":"JWT"}，而在emq-auth-jwt中Header的内容是：{"typ":"JWT","alg":"HS256"}。结果就是正确的密码串连接时却得到以下错误内容：

12:21:32.501 [error] JWT encode fail:{ok,<<"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDQ3MDA0NDgsImlzcyI6InV3ZWVyIiwidWlkIjoiNTlhNmE4MzdlZjNhZDFkYTE3NGIwODAyIiwibW9kIjo2fQ.UTlV66DfXzqbMg_yh5fq5HowDcEa67MnGVxaGtbwyPk">>}

能不能修正一下，谢谢

Answer 1 · 2017-09-08T13:26:31.000Z

@huzhengquan
In order to verify that the token is completely correct, we decode the JWT and encode it according to the decrypted data, so that the Header order must be {"typ": "JWT", "alg": "HS256"}

Answer 2 · 2017-09-11T02:39:45.000Z

@turtleDeng 可能你没理解我的意思，在hashmap中，typ和alg是没有顺序的，emq-auth-jwt用有顺序的string来判断token的合法性显然是有问题的。

{"typ": "JWT", "alg": "HS256"}和{"alg": "HS256","typ": "JWT"}应该没差别才对

Answer 3 · 2017-09-11T13:43:35.000Z

@huzhengquan
74976f1

I think you are right, we will fix it in the v2.3-beta.4