Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feacture Request] Support creating JwtVerifier for issuer null #178

Open
ottokruse opened this issue Oct 17, 2024 · 3 comments
Open

[Feacture Request] Support creating JwtVerifier for issuer null #178

ottokruse opened this issue Oct 17, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@ottokruse
Copy link
Contributor

Describe the bug
The JwtRsaVerifier throws an error for JWTs that have no iss field: error: Missing Issuer. Expected: null

But iss is an optional field. And in this case I am creating the verifier like so, setting issuer to null to signal that I don't want to check it:

const verifier = JwtRsaVerifier.create({
  issuer: null,
  audience: null,
  jwksUri: "<my uri>",
  customJwtCheck: ({ payload }) => {
    // my implementation
  },
});

It looks like the error is, that the JWK caching mechanism is based on iss (makes sense in principle) but cannot handle missing iss:

aws-jwt-verify/src/jwt-rsa.ts

Line 647 in 8bb9b6e

decomposedJwt.payload.iss,

Versions
Which version of aws-jwt-verify are you using? 4.0.1
Are you using the library in Node.js or in the Web browser? Node.js
If Node.js, which version of Node.js are you using? (Should be at least 16) 20
If Web browser, which web browser and which version of it are you using? N/A
If using TypeScript, which version of TypeScript are you using? (Should be at least 4) High enough

To Reproduce
If you can, please provide a minimal code example that reproduces the bug.
@ottokruse ottokruse added the bug Something isn't working label Oct 17, 2024
@ottokruse
Copy link
Contributor Author

ottokruse commented Oct 17, 2024
edited
Loading

This doesn't even compile right now:

image image

@ottokruse
Copy link
Contributor Author

Maybe it is by design that issuer is mandatory for the JwtRsaVerifier, would have to dig in the code and my memory ...

@ottokruse
Copy link
Contributor Author

Concluding that this is not a "bug" per se but a consequence of design decisions made while building the JwtRsaVerifier.

@ottokruse ottokruse reopened this Jan 2, 2025
@ottokruse ottokruse changed the title [BUG] JwtRsaVerifier throws an error for JWTs that have no iss field: error: Missing Issuer. Expected: null [Feacture Request] Support creating JwtVerifier for issuer null Jan 2, 2025
@ottokruse ottokruse mentioned this issue Jan 3, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ottokruse