
verify throws undocumented TypeError for invalid input with algorithm: 'ES512', instead of a documented JsonWebTokenError #767

Open
@jedwards1211

Description


If I pass an ES512-signed token missing one character from the end to verifyToken, it should throw a JsonWebTokenError with message "invalid signature", not a TypeError.

I need to be able to return sane error codes from an API I'm making for verifying license tokens encoded as JWTs. I guess I can grep for this error message, but I feel less confident that I'll be able to return a better error code than "internal error" in all cases.

Reproduction

const { sign, verify } = require('jsonwebtoken')

const secret = `;lkjaslknwineijlk4jlksdf`

// HS256 (the default): dropping the last character of the signature is reported
// as a documented JsonWebTokenError.
const signed = sign({ foo: 'bar' }, secret)
try {
  verify(signed.substring(0, signed.length - 1), secret)
} catch (error) {
  // JsonWebTokenError: invalid signature
  console.error(error)
}

const JWT_PRIVATE_KEY = `-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIB33gmqVf3SpwPkDHtestfmJjMBYqU0VmgLSWxfQjShwosIw84xc93
zGmIYMDETxx71c/gO35W7w3HnVl1O+wR4BGgBwYFK4EEACOhgYkDgYYABAEieIYf
WABe35tuttNiYjeebiBgMS9ugK5I6D564vExpAfj5m8ULX9yrE6cZ2oBsfAgFKya
HfQwgcC3G5zo0VDS/AGt3kJuohUiw2hj8Xgao6MT1TDV0d0KoPjvsq85lk12aACc
NWUyzLqSE3TkZYDaTdlPJYCsySp/Q3czFIcRPcVdsQ==
-----END EC PRIVATE KEY-----
`
const JWT_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBIniGH1gAXt+bbrbTYmI3nm4gYDEv
boCuSOg+euLxMaQH4+ZvFC1/cqxOnGdqAbHwIBSsmh30MIHAtxuc6NFQ0vwBrd5C
bqIVIsNoY/F4GqOjE9Uw1dHdCqD477KvOZZNdmgAnDVlMsy6khN05GWA2k3ZTyWA
rMkqf0N3MxSHET3FXbE=
-----END PUBLIC KEY-----
`

// ES512: the same one-character truncation leaves a 131-byte raw signature,
// which the underlying jwa length check rejects with a TypeError instead.
const signed2 = sign({ foo: 'bar' }, JWT_PRIVATE_KEY, { algorithm: 'ES512' })
try {
  // verify() takes an `algorithms` allowlist (array); `algorithm` is a sign() option.
  // The failure is the same either way, since the token header already says ES512.
  verify(signed2.substring(0, signed2.length - 1), JWT_PUBLIC_KEY, {
    algorithms: ['ES512'],
  })
} catch (error) {
  // TypeError: "ES512" signatures must be "132" bytes, saw "131"
  console.error(error)
}

Environment

  • Version of this library used: 8.5.1
  • Version of the platform or framework used, if applicable: node 12.16.0
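As an added example (not the issue author's code, nor part of jsonwebtoken): a structural pre-check that a token-verifying API can run before calling verify(), so a truncated ES512 signature is reported as a classified, documented error instead of surfacing jwa's TypeError. The verify function is injected so the file runs without jsonwebtoken installed; TokenStructureError, the ECDSA length table and the sample token are constructed here, not taken from the library.

```javascript
const ECDSA_SIG_BYTES = { ES256: 64, ES384: 96, ES512: 132 }; // raw r||s lengths jwa expects
const B64URL = /^[A-Za-z0-9_-]*$/;

class TokenStructureError extends Error {
  constructor(message) { super(message); this.name = 'TokenStructureError'; }
}

const b64urlDecode = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
const b64urlEncode = (data) =>
  Buffer.from(data).toString('base64').replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

// Structural pre-check: returns { alg, signatureBytes } or throws TokenStructureError.
// It never touches the key, so it cannot replace signature verification; it only
// rejects tokens whose shape the verifier could not accept anyway.
function inspectToken(token, allowedAlgs) {
  if (typeof token !== 'string') throw new TokenStructureError('jwt must be a string');
  const parts = token.split('.');
  if (parts.length !== 3 || !parts.every((p) => B64URL.test(p))) {
    throw new TokenStructureError('jwt malformed');
  }
  let header;
  try { header = JSON.parse(b64urlDecode(parts[0]).toString('utf8')); } catch (e) {
    throw new TokenStructureError('invalid header');
  }
  if (!header || !allowedAlgs.includes(header.alg)) throw new TokenStructureError('invalid algorithm');
  const signatureBytes = b64urlDecode(parts[2]).length;
  const expected = ECDSA_SIG_BYTES[header.alg];
  if (expected !== undefined && signatureBytes !== expected) {
    throw new TokenStructureError('invalid signature'); // the case in this issue: 131 bytes, not 132
  }
  return { alg: header.alg, signatureBytes };
}

// Wrapper: pre-check, then the real verify (injected; pass jsonwebtoken's verify in practice).
function safeVerify(verifyFn, token, key, allowedAlgs) {
  inspectToken(token, allowedAlgs);
  return verifyFn(token, key, { algorithms: allowedAlgs });
}

// Constructed sample: a well-formed ES512 token whose signature is 132 zero bytes.
// It would fail real verification; only its shape matters for the pre-check.
const SAMPLE_ES512 = [
  b64urlEncode('{"alg":"ES512","typ":"JWT"}'),
  b64urlEncode('{"foo":"bar"}'),
  b64urlEncode(Buffer.alloc(132)),
].join('.');

// Returns the signature length for a structurally valid token, or the classified error text.
function classify(token, allowedAlgs) {
  try { return inspectToken(token, allowedAlgs).signatureBytes; }
  catch (e) { return e instanceof TokenStructureError ? e.message : 'unexpected:' + e.name; }
}
```

Dropping the last character of SAMPLE_ES512 yields "invalid signature" from the pre-check; a token whose header names an algorithm outside the allowlist is rejected before any key material is used.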
