The JWK oct import is not decoding the k value

Noticed while working on the unencoded payloads and trying to re-create the scenarios in the RFC that the OCT JWK import is not working correctly.

It seems that the key import and export is missing the Base64 encoding parts.

This should work:
```
key = ::JWT::JWK.import({kty:"oct", k:"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"})
token = ::JWT::EncodedToken.new("eyJhbGciOiJIUzI1NiJ9.JC4wMg.5mvfOroL-g7HyqJoozehmsaqmvTYGEq5jTI1gVvoEoQ")
token.verify_signature!(algorithm: "HS256", key: key.verify_key) # => raises JWT::VerificationError
```

When explicitly decoded it works:
```
key = ::JWT::JWK.import({kty:"oct", k:Base64.urlsafe_decode64("AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow")})
token = ::JWT::EncodedToken.new("eyJhbGciOiJIUzI1NiJ9.JC4wMg.5mvfOroL-g7HyqJoozehmsaqmvTYGEq5jTI1gVvoEoQ")
token.verify_signature!(algorithm: "HS256", key: key.verify_key)
```

We need to fix this, but as it's breaking change in imports and exports it would be suitable for the 3.0 version.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

The JWK oct import is not decoding the k value #632

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

The JWK oct import is not decoding the k value #632

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions