Added in a new file to store the list of JWT algorithms that can be used, as this error was occurring due to a mismatch between what you could sign and what you could verify

2025-01-31 20:05:20 +01:00 · 2020-12-01 13:38:01 +00:00 · 2020-12-01 13:38:01 +00:00 · 3e0525ee9e
commit 3e0525ee9e
parent c9d9730726
3 changed files with 33 additions and 18 deletions
--- a/src/core/lib/JWT.mjs
+++ b/src/core/lib/JWT.mjs
@ -0,0 +1,24 @@
+/**
+ * DateTime resources.
+ *
+ * @author mt3571 [mt3571@protonmail.com]
+ * @copyright Crown Copyright 2020
+ * @license Apache-2.0
+ */
+
+
+/**
+ * List of the JWT algorithms that can be used
+ */
+export const JWT_ALGORITHMS = [
+    "HS256",
+    "HS384",
+    "HS512",
+    "RS256",
+    "RS384",
+    "RS512",
+    "ES256",
+    "ES384",
+    "ES512",
+    "None"
+];
--- a/src/core/operations/JWTSign.mjs
+++ b/src/core/operations/JWTSign.mjs
@ -8,6 +8,9 @@ import Operation from "../Operation.mjs";
 import jwt from "jsonwebtoken";
 import OperationError from "../errors/OperationError.mjs";

+import {JWT_ALGORITHMS} from "../lib/JWT.mjs";
+
+
 /**
 * JWT Sign operation
 */
@ -34,18 +37,7 @@ class JWTSign extends Operation {
            {
                name: "Signing algorithm",
                type: "option",
-                value: [
-                    "HS256",
-                    "HS384",
-                    "HS512",
-                    "RS256",
-                    "RS384",
-                    "RS512",
-                    "ES256",
-                    "ES384",
-                    "ES512",
-                    "None"
-                ]
+                value: JWT_ALGORITHMS
            }
        ];
    }
--- a/src/core/operations/JWTVerify.mjs
+++ b/src/core/operations/JWTVerify.mjs
@ -8,6 +8,9 @@ import Operation from "../Operation.mjs";
 import jwt from "jsonwebtoken";
 import OperationError from "../errors/OperationError.mjs";

+
+import {JWT_ALGORITHMS} from "../lib/JWT.mjs";
+
 /**
 * JWT Verify operation
 */
@ -43,12 +46,8 @@ class JWTVerify extends Operation {
        const [key] = args;

        try {
-            const verified = jwt.verify(input, key, { algorithms: [
-                "HS256",
-                "HS384",
-                "HS512",
-                "none"
-            ]});
+            const verified = jwt.verify(input, key, { algorithms: JWT_ALGORITHMS});
+

            if (Object.prototype.hasOwnProperty.call(verified, "name") && verified.name === "JsonWebTokenError") {
                throw new OperationError(verified.message);