[Google Authentication Core] Encrypt_RSA action throws error
google-authentication-core
Reactive icon
Forge component by Miguel Amado
Application Type
Reactive

Hi All,

I am currently implementing an app which integrates with Google calendar. In order to get the token I would like users to log in. In order to separate this app from our own login flow I attached the end user module and the Google Authentication Core to a different user provider.

Everything seemed to be working okay, but some login actions on the callback page and token retrieval end with an 'The parameter is incorrect.' error message. I managed to track this error down to the Encrypt_RSA action, specifically the instance after retrieving the Google token.

After the error, when navigating to the application, the user is logged in, but subsequent calls may or may not work correctly. When a token is stored without raising the error the issue is not observed any more.

Do you have any ideas on what goes wrong?

GoogleAuthenticationCore.oml

mvp_badge
MVP
Solution

I had the same error using this component. It seems that the component is using RSA to encrypt the tokens on the database, but at some point Google increased the token size and RSA can no longer encrypt them.

RSA is meant to encrypt fixed-size messages, or encrypt other keys, and has a limit to the number of bytes it can encrypt. RSA is also much slower when compared to AES. See: https://security.stackexchange.com/questions/33434/rsa-maximum-bytes-to-encrypt-comparison-to-aes-in-terms-of-security


I have changed the component to use AES instead of RSA to encrypt the tokens. Note that the AES key is stored on the database encrypted with a private key only available to the environment, so there is no loss of security to use AES in this case. File is attached.

GoogleAuthenticationCore.oml

mvp_badge
MVP

This has been fixed in the version 1.0.5 of this component.

Hi Leonardo, 

Thanks for the explanation and fix to the component. It seems to work without issue at the moment. 

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.