mike-engel/jwt-cli

App crash on `jwt encode` command with `@` in secret

dhra opened this issue · 6 comments

dhra commented

Summary

The jwt encode command crashes when using a secret containing special characters. The crash occurs due to the inability to read the file specified by the --secret parameter.

Steps to reproduce

Run the following command:

jwt encode --secret=@@@vovocha '{"hello":"world"}'

Actual result

thread 'main' panicked at src/utils.rs:42:44:
Unable to read file @@vovocha
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Expected behavior

Users should be able to create a valid JWT with secrets that start with the '@' symbol.

More details:

jwt --version
jwt 6.1.0

OS: Ubuntu

Thanks for writing in, and sorry for the delay @dhra. The use of @ in secrets denotes that the secret should be a path to a certificate to encrypt the body.

Unfortunately I don't have a good suggestion for how to get around this issue. You could change your secret to be something like --secret='\@@@vovocha', but that's not the same secret, so that may not work for you.

If you have suggestions for alternatives, please let me know.
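The prefix convention discussed in this thread, modelled as an added example that is not part of the original issue and is not jwt-cli's code. The names `SecretSource`, `classify` and `resolve` are hypothetical, and the model assumes a referenced file's bytes are used verbatim as the key; it shows why `@@@vovocha` is read as the file `@@vovocha`, why the escaped form is a different secret, and how an unreadable file can be reported as an error instead of a panic.

```rust
use std::{fs, io, path::PathBuf};

/// How a `--secret` argument is interpreted under the convention described in
/// this thread. Hypothetical model type, not taken from jwt-cli.
#[derive(Debug, PartialEq)]
enum SecretSource {
    Literal(Vec<u8>),
    File(PathBuf),
}

/// Only the first '@' is a marker; the rest is the path, so "@@@vovocha"
/// names the file "@@vovocha", as in the panic message of the report.
fn classify(arg: &str) -> SecretSource {
    match arg.strip_prefix('@') {
        Some(path) => SecretSource::File(PathBuf::from(path)),
        None => SecretSource::Literal(arg.as_bytes().to_vec()),
    }
}

/// Resolve to key bytes, returning an error for an unreadable file rather
/// than panicking. Assumption: a file's bytes are used verbatim as the key.
fn resolve(arg: &str) -> io::Result<Vec<u8>> {
    match classify(arg) {
        SecretSource::Literal(bytes) => Ok(bytes),
        SecretSource::File(path) => fs::read(&path).map_err(|e| {
            io::Error::new(e.kind(), format!("cannot read secret file {}: {}", path.display(), e))
        }),
    }
}

fn main() -> io::Result<()> {
    // The reported argument is taken as a file reference, not as a secret.
    println!("{:?}", classify("@@@vovocha"));
    // The escaped form is a literal, but one byte longer than the intended secret.
    println!("{}", resolve(r"\@@@vovocha")?.len());
    // File indirection: store the intended secret in a file (constructed
    // path) and pass "@<path>", so the leading '@' characters are only data.
    let path = std::env::temp_dir().join("jwt_secret_example.txt");
    fs::write(&path, "@@@vovocha")?;
    let key = resolve(&format!("@{}", path.display()))?;
    fs::remove_file(&path)?;
    println!("{}", String::from_utf8_lossy(&key));
    Ok(())
}
```

Under the verbatim-bytes assumption, a trailing newline in the secret file becomes part of the key, so write the file with `printf` rather than `echo` and restrict its permissions.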