ruby-jwt

ArgumentError in `verify': wrong number of arguments (given 3, expected 1)

Open yazinsai opened this issue 4 years ago • 4 comments

I'm using the sample code shown in the README for RS256:

rsa_private = OpenSSL::PKey::RSA.generate 2048
rsa_public = rsa_private.public_key

token = JWT.encode payload, rsa_private, 'RS256'

decoded_token = JWT.decode token, rsa_public, true, { algorithm: 'RS256' }

Instead of getting a decoded_token hash, I get this error message:

Traceback (most recent call last):
    8: from main.rb:25:in `<main>'
    7: from main.rb:7:in `verify'
    6: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt.rb:28:in `decode'
    5: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/decode.rb:26:in `decode_segments'
    4: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/decode.rb:42:in `verify_signature'
    3: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/signature.rb:31:in `verify'
    2: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/algos/rsa.rb:15:in `verify'
    1: from /home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/security_utils.rb:20:in `verify_rsa'
/home/runner/BasicAfraidSolidstatedrive/.bundle/ruby/2.5.0/gems/jwt-2.2.3/lib/jwt/security_utils.rb:20:in `verify': wrong number of arguments (given 3, expected 1) (ArgumentError)
exit status 1

This seems to be because OpenSSL::X509::Certificate.verify expects a single argument but is receiving 3:

# jwt-2.2.3/lib/jwt/security_utils.rb:20
def verify_rsa(algorithm, public_key, signing_input, signature)
  public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input) # 👈  3 arguments passed
end

yazinsai, Jul 26 '21 12:07

Any update on this? Seeing the same issue (with Ruby 3).

thomasdarde, Aug 05 '21 11:08

None, still waiting for feedback on this.

yazinsai, Aug 05 '21 11:08

Thanks for the feedback. I did try this code and it seems to work without issue with the latest jwt version, 2.2.3. (FYI my payload was: payload = {a: "b"})

But I did get a very similar issue trying to decode an Azure JWT token.

public_key was of type OpenSSL::X509::Certificate instead of OpenSSL::PKey::RSA. On an OpenSSL::X509::Certificate instance you can call public_key and get an OpenSSL::PKey::RSA (but now I receive an invalid signature message from jwt...)

thomasdarde, Aug 05 '21 13:08

For sure, if an OpenSSL::X509::Certificate object is given as the public_key there will be some errors. Apparently the OpenSSL::X509::Certificate#verify method is to verify the signature of the certificate.

Then why the verification is failing if the certificate's public key is given is pretty hard to figure out without more info or some example.

anakinj, Aug 18 '21 19:08
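The difference discussed in this thread, as an added example that is not part of the original issue or of ruby-jwt's code: OpenSSL::X509::Certificate#verify takes one key and checks the certificate's own signature, while OpenSSL::PKey::RSA#verify takes a digest, a signature and the signed data. The sketch uses only Ruby's openssl library to check an RS256 signature directly; the helper names, the self-signed certificate and the token are constructed for illustration.

```ruby
require 'openssl'

# Constructed sample: self-signed certificate wrapping a throwaway RSA key.
def build_sample_cert(key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example-issuer')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  padded = text + '=' * ((4 - text.length % 4) % 4)
  padded.tr('-_', '+/').unpack1('m0')
end

# Constructed sample token: RS256 header, payload {"a":"b"}, signed with private_key.
def sample_rs256_token(private_key)
  signing_input = [b64url_encode('{"alg":"RS256","typ":"JWT"}'), b64url_encode('{"a":"b"}')].join('.')
  signature = private_key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  "#{signing_input}.#{b64url_encode(signature)}"
end

# Hypothetical helper: accept either a key or a certificate and always return
# the OpenSSL::PKey::RSA whose #verify takes (digest, signature, data).
def rsa_verification_key(key_or_cert)
  key = key_or_cert.is_a?(OpenSSL::X509::Certificate) ? key_or_cert.public_key : key_or_cert
  raise TypeError, "expected an RSA key, got #{key.class}" unless key.is_a?(OpenSSL::PKey::RSA)
  key
end

# Signature check only: no claim validation and no check of the header's alg.
def rs256_valid?(token, key_or_cert)
  header_b64, payload_b64, signature_b64 = token.split('.')
  rsa_verification_key(key_or_cert).verify(
    OpenSSL::Digest.new('SHA256'), b64url_decode(signature_b64), "#{header_b64}.#{payload_b64}"
  )
end
```

Calling `cert.verify(digest, signature, data)` on the certificate object itself raises the ArgumentError from the traceback, because that method expects exactly one argument.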