Generating a JWT with kty=oct can fail because of incorrect Base64 encoding
al2o3cr opened this issue · 0 comments
al2o3cr commented
Steps to Reproduce
- Generate a secret using `mix guardian.gen.secret`
- Set that secret for use with JWTs with `secret_key: %{"k" => System.get_env("THAT_SECRET_KEY"), "kty" => "oct"}`
- Try signing a key
Expected Result
It should work. :)
Actual Result
Sometimes, the generated secret has a `+` in it which isn't allowed according to the spec and crashes the URL-safe base64 decoder.

The root cause is the use of `Base.encode64` in `guardian.gen.secret`. Switching that to `Base.url_encode64` would solve this issue but probably break something else...
Additional backstory and discussion in this Elixir Forum thread; thanks to the original poster for bringing this up.
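As an added illustration (not Guardian's own code, and in Python rather than Elixir), here is the check and the safe migration the report points at: detect a secret that is not base64url, and re-encode the same key bytes in the unpadded base64url alphabet a JWK `k` parameter requires, so existing signatures keep verifying. The function names, the 64-byte length and the sample value are assumptions chosen for the example.

```python
import base64
import binascii
import re
import secrets

# RFC 7518 section 6.4.1: a JWK "k" parameter holds the key bytes in base64url
# (RFC 7515 section 2: alphabet A-Z a-z 0-9 "-" "_", no "=" padding).
# Standard Base64 (what Base.encode64 emits) uses "+" "/" and "=" padding, so a
# secret generated that way can be rejected or mis-decoded by a base64url reader.
_B64URL = re.compile(r"[A-Za-z0-9_-]+")


def standard_base64_secret(nbytes: int = 64) -> str:
    """Constructed stand-in for a generator built on standard Base64 (not the mix task)."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def is_valid_jwk_k(value: str) -> bool:
    """True only if `value` can be placed in a JWK "k" field as-is."""
    return _B64URL.fullmatch(value) is not None


def key_bytes(value: str) -> bytes:
    """Strictly decode a secret written in either alphabet, padded or not.

    The URL-safe alphabet is mapped onto the standard one so a single strict
    decoder (validate=True) rejects anything outside the alphabet, instead of
    urlsafe_b64decode's behaviour of silently discarding unknown characters.
    """
    core = value.rstrip("=")
    if _B64URL.fullmatch(core):
        core = core.translate(str.maketrans("-_", "+/"))
    padded = core + "=" * (-len(core) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except binascii.Error as exc:
        raise ValueError("secret is not valid Base64 in either alphabet") from exc


def to_jwk_k(value: str) -> str:
    """Re-encode the same key bytes as unpadded base64url, ready for "k".

    The bytes are unchanged, so tokens signed with the old secret still verify.
    """
    return base64.urlsafe_b64encode(key_bytes(value)).decode("ascii").rstrip("=")


if __name__ == "__main__":
    raw = standard_base64_secret()
    print("generated:", raw, "| usable as k:", is_valid_jwk_k(raw))
    print("fixed:    ", to_jwk_k(raw))
```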