[JWT] Error while verifying signature

Forge Component
(10)
Published on 20 Jul (2 weeks ago) by João Almeida
10 votes
Published on 20 Jul (2 weeks ago) by João Almeida

Hi,
I'm trying to verify signature of my jwt token using your demo web application.
I've added public key signature in input but it's giving me error as -
Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.RsaSecurityKey , KeyId:
'.
Exceptions caught:
 ''.


So, what's the issue here, what i'm doing wrong?

Solution

Hi Akash,


We've been updating the underlying extension that has the core logic, and that may have broke it. We'll be moving the demo app to this endpoint that's much more stable:

https://darwinlabs-devteam.outsystemscloud.com/JWTDemo


Please beware that PEM key formats are very picky, and need to have the correct line breaks. In the future we might try to add a way to "sanitize" the keys


-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7XQvELM/g/F9bMioHSLA
LLNfVIzm6RyU9UXREI8viB2zAHLN2kj72WAiufEovB038U86zwdggtAEkoUV4qIa
rtHxM15Wx5fT7DctMiqIjodrj564M0iWtA8BnkAik2EejKLei17U4wetWuWHTexa
zpEE8IoWsGI08F69uwzFfndH7A80Qr9ZhlTklqfx8Y4z5/Chbjd89tvqvadtz14X
Y2CqOQfEXabY9XQW6/KXWNlILzJjbS36KtyxoM8IIMwNmtNNgZPyDiMKnnSoFxUh
JhSmfBw4Aoxy1T+Z5j1veKp4oNLSddMuVyMfcqOgA7IblIQlWMknGWFX1J+yTJz0
lwIDAQAB
-----END PUBLIC KEY-----

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6jAcBgoqhkiG9w0BDAEDMA4ECLNR9R97rf+XAgIIAASCBMhBIsAAb1ROOmS6
lYqaEMgfFDp8uZjSgIAbQ365572oV5R4dj/Wc26pMZTjCLNKo/4768GRc2H3wirH
x+3A3zIAaFnzxf+D6tit719QWwsY8lr0wFI+YItNePGq1h+1KQtFbs0qL8G2pkZs
x1QzH3uB8HndY2EpRUQ/btdLZU6brovk8lubr2NOoImEy8zJ6DKPnlsLM56BtlCw
js6R5U8KHOdnajfbV3KC5xB3QIs/FELRJxs9zPnQRrH9KXTJrFZdrluRw6XZLeUf
Q3on6ELeHQF1glEMnNfyDL0zIg4bRIswiCR9iLGP5dBgwWOYlR4psb2PCcL0RFfp
yhICorUf8jnpV0hwxICtd4/PEe30fnG1/lPd3mk/qrYFctdazvxW+K3WIPV6GHJA
JeahP4d3hZHS+aNMMLJoVia5xkOW0R5ovoNsAajAkmSTV4bSLC3/I7jfig44AMYr
L3d9paJ6o3DVkrOex3h8awNZqUd/Wl6vvOSMcKR8F/OqjPks5hvh+Z6UERb7FbhU
m+zXORT6HZTWoQ7dlanIGS+iqs0VYNprULmn41jDUh59vN9kzvz54uvNovff1396
YKZ3Q7lsDqgkpU3f/u5eI4oMnVnvMXPFzhF0FNZZviNHzSBmi9Dh8tyqkXOt9CDJ
lwdRCdhNdVm3eD0wSRE0vqM+UB17kxCW7GywAksVh3iLYmBIcgPlJ+i7ufb0NJm7
48b1VZqBhuAVDgaBzSfQHPzU7Z+fDX4UUvbQXYMmFOt0GG0DMqme5WlgaaeHC3aL
PXtTCl0QJ9dDfBRhjwvLaJ5I7pIplcmELVfFn96McrCTaSEBELruafQRlcsbi674
9Ys0lo2jpPIJSp+SFgI9MIfuWqTl/qwfk9IkRSd/BEaTVtJo0iYx8Von9ZKJmgiu
d6nIc/AntZrHs8MwXf4W3zvqC81a54YAfmY4AGLy2xAggbHvoo9222K4zHJd7gVa
0sJ2PKW35laYsJVJrq34wKvkOihJIf3UD1LONlVELwX2wyBruvD0CuifPalhCbKP
gCYsPetdamVY22RnHbquwuxtezdzYYfGRMHjawlKV7yMWAlS1ODnwbL6C6ExrgQX
/wcRIhCAXz4+hMNs3FDpHN7VEtAUcx1wHhW9KnNzKpRd0AjrAKhW0we0uKQYU3rc
6h86FM5W4JxH62O1D6DB2UEDPTHRhITLAm5d3q7sJV4F0CjPnvrh3KbOjVRZ9UVe
xeRREiiE5pLWAB8jGR3fsMBVsBvHtea+WxEQn8t3WHDAMTfcXLJi0vG7gTm7Vbp1
FUaOGJVE2Awey66Wk5vfQsM5pRIO6NQK687HvtuON1TtJ3USMZd5ydE5JWpHBkoe
bzilAebOcAiwOErL9gGzCQTswlh8j5EtjdnwCt2eelVbB2oirhvDVO2FQ+eYifDN
mdYY2QMv1OSeCyKOrXtioQHUXXkPS4i9AjfHNFr0NBAqD1wg0UuKMV1tBJXFwQov
bb3WjvydPCouhhbt4Eml6jk5Hofuug0frXfvQcLV1VDin8FqoWUWxJAKUR+0s2If
kXEKcnmsHaEbe3tg++mBFvuLWm0bkd7JQRDkYoq7dVqTofFUrk3g3CnTWYNWavw7
EiOgGhLj7dX4L7bCD3s=
-----END ENCRYPTED PRIVATE KEY-----


Solution

Akash Gore wrote:

Hi,
I'm trying to verify signature of my jwt token using your demo web application.
I've added public key signature in input but it's giving me error as -
Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.RsaSecurityKey , KeyId:
'.
Exceptions caught:
 ''.


So, what's the issue here, what i'm doing wrong?

Hi again Akash, although none of the changes address your issue, can you check with the version that just was released in the forge?

 

João Almeida wrote:


We've been updating the underlying extension that has the core logic, and that may have broke it. We'll be moving the demo app to this endpoint that's much more stable:

https://darwinlabs-devteam.outsystemscloud.com/JWTDemo


Please beware that PEM key formats are very picky, and need to have the correct line breaks. In the future we might try to add a way to "sanitize" the keys


-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7XQvELM/g/F9bMioHSLA
LLNfVIzm6RyU9UXREI8viB2zAHLN2kj72WAiufEovB038U86zwdggtAEkoUV4qIa
rtHxM15Wx5fT7DctMiqIjodrj564M0iWtA8BnkAik2EejKLei17U4wetWuWHTexa
zpEE8IoWsGI08F69uwzFfndH7A80Qr9ZhlTklqfx8Y4z5/Chbjd89tvqvadtz14X
Y2CqOQfEXabY9XQW6/KXWNlILzJjbS36KtyxoM8IIMwNmtNNgZPyDiMKnnSoFxUh
JhSmfBw4Aoxy1T+Z5j1veKp4oNLSddMuVyMfcqOgA7IblIQlWMknGWFX1J+yTJz0
lwIDAQAB
-----END PUBLIC KEY-----

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6jAcBgoqhkiG9w0BDAEDMA4ECLNR9R97rf+XAgIIAASCBMhBIsAAb1ROOmS6
lYqaEMgfFDp8uZjSgIAbQ365572oV5R4dj/Wc26pMZTjCLNKo/4768GRc2H3wirH
x+3A3zIAaFnzxf+D6tit719QWwsY8lr0wFI+YItNePGq1h+1KQtFbs0qL8G2pkZs
x1QzH3uB8HndY2EpRUQ/btdLZU6brovk8lubr2NOoImEy8zJ6DKPnlsLM56BtlCw
js6R5U8KHOdnajfbV3KC5xB3QIs/FELRJxs9zPnQRrH9KXTJrFZdrluRw6XZLeUf
Q3on6ELeHQF1glEMnNfyDL0zIg4bRIswiCR9iLGP5dBgwWOYlR4psb2PCcL0RFfp
yhICorUf8jnpV0hwxICtd4/PEe30fnG1/lPd3mk/qrYFctdazvxW+K3WIPV6GHJA
JeahP4d3hZHS+aNMMLJoVia5xkOW0R5ovoNsAajAkmSTV4bSLC3/I7jfig44AMYr
L3d9paJ6o3DVkrOex3h8awNZqUd/Wl6vvOSMcKR8F/OqjPks5hvh+Z6UERb7FbhU
m+zXORT6HZTWoQ7dlanIGS+iqs0VYNprULmn41jDUh59vN9kzvz54uvNovff1396
YKZ3Q7lsDqgkpU3f/u5eI4oMnVnvMXPFzhF0FNZZviNHzSBmi9Dh8tyqkXOt9CDJ
lwdRCdhNdVm3eD0wSRE0vqM+UB17kxCW7GywAksVh3iLYmBIcgPlJ+i7ufb0NJm7
48b1VZqBhuAVDgaBzSfQHPzU7Z+fDX4UUvbQXYMmFOt0GG0DMqme5WlgaaeHC3aL
PXtTCl0QJ9dDfBRhjwvLaJ5I7pIplcmELVfFn96McrCTaSEBELruafQRlcsbi674
9Ys0lo2jpPIJSp+SFgI9MIfuWqTl/qwfk9IkRSd/BEaTVtJo0iYx8Von9ZKJmgiu
d6nIc/AntZrHs8MwXf4W3zvqC81a54YAfmY4AGLy2xAggbHvoo9222K4zHJd7gVa
0sJ2PKW35laYsJVJrq34wKvkOihJIf3UD1LONlVELwX2wyBruvD0CuifPalhCbKP
gCYsPetdamVY22RnHbquwuxtezdzYYfGRMHjawlKV7yMWAlS1ODnwbL6C6ExrgQX
/wcRIhCAXz4+hMNs3FDpHN7VEtAUcx1wHhW9KnNzKpRd0AjrAKhW0we0uKQYU3rc
6h86FM5W4JxH62O1D6DB2UEDPTHRhITLAm5d3q7sJV4F0CjPnvrh3KbOjVRZ9UVe
xeRREiiE5pLWAB8jGR3fsMBVsBvHtea+WxEQn8t3WHDAMTfcXLJi0vG7gTm7Vbp1
FUaOGJVE2Awey66Wk5vfQsM5pRIO6NQK687HvtuON1TtJ3USMZd5ydE5JWpHBkoe
bzilAebOcAiwOErL9gGzCQTswlh8j5EtjdnwCt2eelVbB2oirhvDVO2FQ+eYifDN
mdYY2QMv1OSeCyKOrXtioQHUXXkPS4i9AjfHNFr0NBAqD1wg0UuKMV1tBJXFwQov
bb3WjvydPCouhhbt4Eml6jk5Hofuug0frXfvQcLV1VDin8FqoWUWxJAKUR+0s2If
kXEKcnmsHaEbe3tg++mBFvuLWm0bkd7JQRDkYoq7dVqTofFUrk3g3CnTWYNWavw7
EiOgGhLj7dX4L7bCD3s=
-----END ENCRYPTED PRIVATE KEY-----


Hi Joao,

The issue was Public key, I was passing without line breaks. My bad. Thanks for your help

 

 

Akash Gore wrote:

João Almeida wrote:


We've been updating the underlying extension that has the core logic, and that may have broke it. We'll be moving the demo app to this endpoint that's much more stable:

https://darwinlabs-devteam.outsystemscloud.com/JWTDemo


Please beware that PEM key formats are very picky, and need to have the correct line breaks. In the future we might try to add a way to "sanitize" the keys


-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7XQvELM/g/F9bMioHSLA
LLNfVIzm6RyU9UXREI8viB2zAHLN2kj72WAiufEovB038U86zwdggtAEkoUV4qIa
rtHxM15Wx5fT7DctMiqIjodrj564M0iWtA8BnkAik2EejKLei17U4wetWuWHTexa
zpEE8IoWsGI08F69uwzFfndH7A80Qr9ZhlTklqfx8Y4z5/Chbjd89tvqvadtz14X
Y2CqOQfEXabY9XQW6/KXWNlILzJjbS36KtyxoM8IIMwNmtNNgZPyDiMKnnSoFxUh
JhSmfBw4Aoxy1T+Z5j1veKp4oNLSddMuVyMfcqOgA7IblIQlWMknGWFX1J+yTJz0
lwIDAQAB
-----END PUBLIC KEY-----

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6jAcBgoqhkiG9w0BDAEDMA4ECLNR9R97rf+XAgIIAASCBMhBIsAAb1ROOmS6
lYqaEMgfFDp8uZjSgIAbQ365572oV5R4dj/Wc26pMZTjCLNKo/4768GRc2H3wirH
x+3A3zIAaFnzxf+D6tit719QWwsY8lr0wFI+YItNePGq1h+1KQtFbs0qL8G2pkZs
x1QzH3uB8HndY2EpRUQ/btdLZU6brovk8lubr2NOoImEy8zJ6DKPnlsLM56BtlCw
js6R5U8KHOdnajfbV3KC5xB3QIs/FELRJxs9zPnQRrH9KXTJrFZdrluRw6XZLeUf
Q3on6ELeHQF1glEMnNfyDL0zIg4bRIswiCR9iLGP5dBgwWOYlR4psb2PCcL0RFfp
yhICorUf8jnpV0hwxICtd4/PEe30fnG1/lPd3mk/qrYFctdazvxW+K3WIPV6GHJA
JeahP4d3hZHS+aNMMLJoVia5xkOW0R5ovoNsAajAkmSTV4bSLC3/I7jfig44AMYr
L3d9paJ6o3DVkrOex3h8awNZqUd/Wl6vvOSMcKR8F/OqjPks5hvh+Z6UERb7FbhU
m+zXORT6HZTWoQ7dlanIGS+iqs0VYNprULmn41jDUh59vN9kzvz54uvNovff1396
YKZ3Q7lsDqgkpU3f/u5eI4oMnVnvMXPFzhF0FNZZviNHzSBmi9Dh8tyqkXOt9CDJ
lwdRCdhNdVm3eD0wSRE0vqM+UB17kxCW7GywAksVh3iLYmBIcgPlJ+i7ufb0NJm7
48b1VZqBhuAVDgaBzSfQHPzU7Z+fDX4UUvbQXYMmFOt0GG0DMqme5WlgaaeHC3aL
PXtTCl0QJ9dDfBRhjwvLaJ5I7pIplcmELVfFn96McrCTaSEBELruafQRlcsbi674
9Ys0lo2jpPIJSp+SFgI9MIfuWqTl/qwfk9IkRSd/BEaTVtJo0iYx8Von9ZKJmgiu
d6nIc/AntZrHs8MwXf4W3zvqC81a54YAfmY4AGLy2xAggbHvoo9222K4zHJd7gVa
0sJ2PKW35laYsJVJrq34wKvkOihJIf3UD1LONlVELwX2wyBruvD0CuifPalhCbKP
gCYsPetdamVY22RnHbquwuxtezdzYYfGRMHjawlKV7yMWAlS1ODnwbL6C6ExrgQX
/wcRIhCAXz4+hMNs3FDpHN7VEtAUcx1wHhW9KnNzKpRd0AjrAKhW0we0uKQYU3rc
6h86FM5W4JxH62O1D6DB2UEDPTHRhITLAm5d3q7sJV4F0CjPnvrh3KbOjVRZ9UVe
xeRREiiE5pLWAB8jGR3fsMBVsBvHtea+WxEQn8t3WHDAMTfcXLJi0vG7gTm7Vbp1
FUaOGJVE2Awey66Wk5vfQsM5pRIO6NQK687HvtuON1TtJ3USMZd5ydE5JWpHBkoe
bzilAebOcAiwOErL9gGzCQTswlh8j5EtjdnwCt2eelVbB2oirhvDVO2FQ+eYifDN
mdYY2QMv1OSeCyKOrXtioQHUXXkPS4i9AjfHNFr0NBAqD1wg0UuKMV1tBJXFwQov
bb3WjvydPCouhhbt4Eml6jk5Hofuug0frXfvQcLV1VDin8FqoWUWxJAKUR+0s2If
kXEKcnmsHaEbe3tg++mBFvuLWm0bkd7JQRDkYoq7dVqTofFUrk3g3CnTWYNWavw7
EiOgGhLj7dX4L7bCD3s=
-----END ENCRYPTED PRIVATE KEY-----


Hi Joao,

The issue was Public key, I was passing without line breaks. My bad. Thanks for your help

 

 

Glad you were able to solve it. Those things are easy to happen with these keys, in this new version we added support for JSON Web Keys and in the future might be a best option.