Encrypting/Decrypting problem with JWT Firebase RS256 #189

Closed
gsdiama opened this issue Jan 12, 2018 · 6 comments
@gsdiama

gsdiama commented Jan 12, 2018

Hi everybody,

I don't know what I'm not doing right but Firebase custom token created with this JWT library can't be decoded properly.

Encoding process (PHP 5.4):

function create_custom_token($uid, $is_premium_account){
	$service_account_email = "firebase-adminsdk-XXXXX@XXXXXXXXXXXXXXX.iam.gserviceaccount.com";
	$private_key = "-----BEGIN PRIVATE KEY-----\nMI..."; //It includes \n but I have tried without \n or <<<EOD... 

	$now_seconds = time();
	$payload = array(
		"iss" => $service_account_email,
		"sub" => $service_account_email,
		"aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
		"iat" => $now_seconds,
		"exp" => $now_seconds + (60 * 60),
		"uid" => $uid,
		"claims" => array(
			"premium_account" => $is_premium_account
		)
	);

	return JWT::encode($payload, $private_key, "RS256");
}

$uid = "YYY";
$jwt = create_custom_token($uid, false);

It returns a JWT that I store in the app in order to check the validity of the coming events. If I go to jwt.io I get an invalid signature message.

Decoding process (PHP 5.4):

$jwt is the JWT returned by the server.

$publicKeyURL = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com';
$key = json_decode(file_get_contents($publicKeyURL), true);
$key = array_shift($key); //I check that the key is the proper one and seems right.
$decoded = JWT::decode($jwt, $key, array("RS256"));

I get Fatal error: Class 'SignatureInvalidException' not found in /var/www/vhosts/XXXXX.local/jwt.php on line 92

If I go deeper, I see that when it does:
openssl_verify($msg, $signature, $key, $algorithm);

The error message returned by openssl_error_string() is:
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01

I have read on the net that it seems to be a key issue, but I have checked everything and it seems OK.

I would much appreciate it if you could help me because I have been with this issue for 3 days.

Thank you very much in advance,

GSDiama

@gsdiama
Author

gsdiama commented Jan 17, 2018

Hi,

Does anyone know what the problem is?

Thanks in advance,

GSDiama

@mwakaambrose

Same problem here. 'RS256' encoded tokens don't seem to be encoded properly.

@nicoworq

nicoworq commented Mar 15, 2019

Hi! I know it is a little late, but I was having the same problem and I fixed it with this:

$publicKeyURL = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com';
$key = json_decode(file_get_contents($publicKeyURL), true);
$decoded = JWT::decode($token, $key, array('RS256'));

I just passed the full array as $key to the decode function, and it worked.

@IDevelopes

IDevelopes commented Sep 6, 2020

I am also getting the same problem. I have tried your way @nicoworq but I get this error: ""kid" empty, unable to lookup correct key". @mwakaambrose did you manage to find a solution?

@yash30201
Collaborator

Does this issue still persist?

@ajupazhamayil ajupazhamayil self-assigned this Jul 18, 2023
@ajupazhamayil
Collaborator

The kid empty issue has been resolved with this PR #505

Hope this resolves the issue, thank you for the discussion
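
An added example, not code from this thread or from the library: a self-contained RS256 sign/verify round trip using PHP's OpenSSL functions. It shows that the `kid` in the token header has to select a public key that matches the signing private key, and that a mismatched key is rejected at the `openssl_verify` step quoted in the first post. The key pairs, the kid values `signer-key-1` and `other-key-1`, and the helper function names are constructed for illustration; it assumes PHP 7.1+ with the openssl extension.

```php
<?php
// Added example. Keys, kid values and helper names are constructed for illustration.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    return base64_decode(strtr($txt, '-_', '+/'));
}
// Build an RS256 token (RSASSA-PKCS1-v1_5 with SHA-256) carrying a kid header.
function sign_rs256(array $payload, string $privatePem, string $kid): string {
    $header = ['typ' => 'JWT', 'alg' => 'RS256', 'kid' => $kid];
    $msg = b64url(json_encode($header)) . '.' . b64url(json_encode($payload));
    if (!openssl_sign($msg, $sig, $privatePem, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return $msg . '.' . b64url($sig);
}
// Verify against a kid => PEM public key map; the header's kid selects the key.
function verify_rs256(string $jwt, array $keySet): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new UnexpectedValueException('malformed token');
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    if (($header['alg'] ?? '') !== 'RS256') throw new UnexpectedValueException('unexpected alg');
    $kid = $header['kid'] ?? '';
    if ($kid === '' || !isset($keySet[$kid])) throw new UnexpectedValueException('no key for kid');
    if (openssl_verify("$h.$p", b64url_decode($s), $keySet[$kid], OPENSSL_ALGO_SHA256) !== 1) {
        throw new UnexpectedValueException('signature verification failed');
    }
    $claims = json_decode(b64url_decode($p), true);
    if (($claims['exp'] ?? 0) < time()) throw new UnexpectedValueException('expired');
    return $claims;
}
function new_keypair(): array {
    $res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    openssl_pkey_export($res, $privatePem);
    return [$privatePem, openssl_pkey_get_details($res)['key']];
}
[$signerPriv, $signerPub] = new_keypair(); // the key pair that issues the token
[, $otherPub] = new_keypair();             // an unrelated issuer's public key
$jwt = sign_rs256(['uid' => 'YYY', 'exp' => time() + 3600], $signerPriv, 'signer-key-1');

echo verify_rs256($jwt, ['signer-key-1' => $signerPub])['uid'], "\n"; // matching key: accepted
$badSets = [['signer-key-1' => $otherPub],   // right kid, wrong key
            ['other-key-1' => $otherPub]];   // key set without the token's kid
foreach ($badSets as $keySet) {
    try { verify_rs256($jwt, $keySet); echo "accepted\n"; }
    catch (UnexpectedValueException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
}
```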
