Fix JWT decoding of non padded headers
JWT headers are encoded using non-padded URL encoding. The existing code worked when headers were an exact multiple of 4 base64 chars but failed when the length mod 4 was non-zero.
jessjenkins committed Sep 27, 2022
1 parent 84bf6c2 commit 55a9bd0
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions jwt/parser.go
@@ -66,7 +66,7 @@ func (p CognitoRSAParser) Parse(tokenString string) (*permissions.EntityData, er
return nil, ErrPublickeysEmpty
}
token, err := p.jwtParser.Parse(tokenString, p.getKey)

if err != nil {
err = determineErrorType(err)
return nil, err
@@ -170,14 +170,14 @@ func (p CognitoRSAParser) getKey(token *jwt.Token) (interface{}, error) {

func (p CognitoRSAParser) getPublicSigningKey(token string) (*rsa.PublicKey, error) {
tokenHeader := strings.Split(token, ".")[0]
pubKeyBytes, err := base64.StdEncoding.DecodeString(tokenHeader)
pubKeyBytes, err := base64.RawURLEncoding.DecodeString(tokenHeader)
if err != nil {
return nil, err
}

var decodedHeaders map[string]string
if json.Unmarshal(pubKeyBytes, &decodedHeaders) != nil {
return nil, err
return nil, err
}

if p.PublicKeys[decodedHeaders[Kid]] == nil {
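Review bot: In getPublicSigningKey the `json.Unmarshal` failure branch returns `nil, err`, but `err` at that point is the already-checked result of `DecodeString` and is therefore nil, so a header that is valid base64url but cannot be decoded into `map[string]string` yields a nil key together with a nil error. This function picks the signature-verification key from an unverified token header, so every failure path should return a non-nil error; capture the unmarshal error instead: `if err := json.Unmarshal(pubKeyBytes, &decodedHeaders); err != nil { return nil, err }`. Because `map[string]string` rejects any header that carries a non-string value, this branch is reachable with otherwise well-formed JSON. How getKey treats a (nil, nil) result is not visible here, and the function body continues past the last line of the hunk.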