
Use OpenSSL 3

Open guillaumewrobel opened this issue 3 years ago • 11 comments

Heroku-22 stack has been released, and it does not support OpenSSL 1.1 but 3.0.

The ruby-jwt broke with the following error

rsa#set_key= is incompatible with OpenSSL 3.0

ruby-opensslv3 has been released and should be used

guillaumewrobel avatar Jun 22 '22 20:06 guillaumewrobel

Hi, just curious what version of the gem you are using? There was one fix for compatibility with OpenSSL 3.0 released in 2.4.0

Also this error reminds me of something that was fixed in #333

anakinj avatar Jun 22 '22 20:06 anakinj

I think I got what the problem is, and also got it reproduced using the latest Ubuntu out there.

It's not the compatibility with the ruby-openssl gem but the underlying OpenSSL version that is shipped with, for example, the latest Ubuntu versions.

I will take a look at this one when time allows. For now the gem is just incompatible with OpenSSL 3.0.

anakinj avatar Jun 22 '22 20:06 anakinj

Just hit this problem with Ubuntu 22.04.1LTS, Ruby 3.1.2p20, Rails 7.0.3 and jwt 2.4.1 on our stack.

/opt/XXXXXXX/id_token_payload.rb:26:in `rescue in initialize': rsa#set_key= is incompatible with OpenSSL 3.0 (XXXXXXX::IdTokenPayload::DecodingError)
        from /opt/XXXXXXX/id_token_payload.rb:23:in `initialize'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands/runner/runner_command.rb:46:in `new'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands/runner/runner_command.rb:46:in `<main>'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands/runner/runner_command.rb:46:in `eval'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands/runner/runner_command.rb:46:in `perform'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/thor-1.2.1/lib/thor/command.rb:27:in `run'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/thor-1.2.1/lib/thor/invocation.rb:127:in `invoke_command'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/thor-1.2.1/lib/thor.rb:392:in `dispatch'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/command/base.rb:87:in `perform'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/command.rb:48:in `invoke'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands.rb:18:in `<main>'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from bin/rails:4:in `<main>'
/usr/local/rvm/gems/ruby-3.1.2/gems/jwt-2.4.1/lib/jwt/jwk/rsa.rb:88:in `set_key': rsa#set_key= is incompatible with OpenSSL 3.0 (OpenSSL::PKey::PKeyError)
        from /usr/local/rvm/gems/ruby-3.1.2/gems/jwt-2.4.1/lib/jwt/jwk/rsa.rb:88:in `populate_key'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/jwt-2.4.1/lib/jwt/jwk/rsa.rb:83:in `rsa_pkey'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/jwt-2.4.1/lib/jwt/jwk/rsa.rb:67:in `import'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/jwt-2.4.1/lib/jwt/jwk.rb:14:in `import'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/jwt-2.4.1/lib/jwt/jwk/key_finder.rb:20:in `key_for'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/jwt-2.4.1/lib/jwt/decode.rb:60:in `set_key'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/jwt-2.4.1/lib/jwt/decode.rb:29:in `decode_segments'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/jwt-2.4.1/lib/jwt.rb:28:in `decode'
        from /opt/XXXXXXX/jwt_decoder.rb:16:in `decode'
        from /opt/XXXXXXX/id_token_payload.rb:24:in `initialize'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands/runner/runner_command.rb:46:in `new'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands/runner/runner_command.rb:46:in `<main>'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands/runner/runner_command.rb:46:in `eval'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands/runner/runner_command.rb:46:in `perform'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/thor-1.2.1/lib/thor/command.rb:27:in `run'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/thor-1.2.1/lib/thor/invocation.rb:127:in `invoke_command'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/thor-1.2.1/lib/thor.rb:392:in `dispatch'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/command/base.rb:87:in `perform'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/command.rb:48:in `invoke'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands.rb:18:in `<main>'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from /usr/local/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from bin/rails:4:in `<main>'

ptiseo-tegria avatar Aug 03 '22 13:08 ptiseo-tegria

Thanks for the report.

Some kind of support for OpenSSL 3.0 will be shipped in the next release of this gem, would be great if someone would try the current master version in a real-world example.

anakinj avatar Aug 04 '22 19:08 anakinj

@anakinj maybe I didn't understand, but my issue is a real-world codebase with the 2.4.1 master release? How else can I help?

ptiseo-tegria avatar Aug 04 '22 19:08 ptiseo-tegria

Sorry, was a little unclear. Current master being what is on GitHub that will eventually be something greater than 2.4.1, most probably 2.5.0.

The master branch very often contains features and fixes that have not been released yet, as in this case. So for example by looking at the differences from 2.4.1 master you can compare the v2.4.1 tag with master.

And by trying it out in a real-world example would mean to use the actual master branch of this repo in your codebase, specifying in your gemfile:

  gem 'jwt', github: 'jwt/ruby-jwt'

anakinj avatar Aug 04 '22 19:08 anakinj

Np. Glad to assist. Made the change and got a different error:

/usr/share/rvm/gems/ruby-3.1.2/bundler/gems/ruby-jwt-0e7dcfacd822/lib/jwt/jwk/ec.rb:124:in `singleton class': undefined method `openssl_3?' for JWT:Module (NoMethodError)

        if ::JWT.openssl_3?
                ^^^^^^^^^^^
        from /usr/share/rvm/gems/ruby-3.1.2/bundler/gems/ruby-jwt-0e7dcfacd822/lib/jwt/jwk/ec.rb:92:in `<class:EC>'
        from /usr/share/rvm/gems/ruby-3.1.2/bundler/gems/ruby-jwt-0e7dcfacd822/lib/jwt/jwk/ec.rb:7:in `<module:JWK>'
        from /usr/share/rvm/gems/ruby-3.1.2/bundler/gems/ruby-jwt-0e7dcfacd822/lib/jwt/jwk/ec.rb:6:in `<module:JWT>'
        from /usr/share/rvm/gems/ruby-3.1.2/bundler/gems/ruby-jwt-0e7dcfacd822/lib/jwt/jwk/ec.rb:5:in `<main>'
        from /usr/share/rvm/gems/ruby-3.1.2/bundler/gems/ruby-jwt-0e7dcfacd822/lib/jwt/jwk.rb:50:in `require_relative'
        from /usr/share/rvm/gems/ruby-3.1.2/bundler/gems/ruby-jwt-0e7dcfacd822/lib/jwt/jwk.rb:50:in `<main>'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from /usr/share/rvm/gems/ruby-3.1.2/bundler/gems/ruby-jwt-0e7dcfacd822/lib/jwt.rb:9:in `<main>'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bundler-2.3.16/lib/bundler/runtime.rb:60:in `block (2 levels) in require'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bundler-2.3.16/lib/bundler/runtime.rb:55:in `each'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bundler-2.3.16/lib/bundler/runtime.rb:55:in `block in require'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bundler-2.3.16/lib/bundler/runtime.rb:44:in `each'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bundler-2.3.16/lib/bundler/runtime.rb:44:in `require'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bundler-2.3.16/lib/bundler.rb:187:in `require'
        from /opt/XXXXXX/config/application.rb:19:in `<main>'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/command/actions.rb:22:in `require_application!'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/command/actions.rb:14:in `require_application_and_environment!'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands/runner/runner_command.rb:33:in `perform'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/thor-1.2.1/lib/thor/command.rb:27:in `run'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/thor-1.2.1/lib/thor/invocation.rb:127:in `invoke_command'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/thor-1.2.1/lib/thor.rb:392:in `dispatch'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/command/base.rb:87:in `perform'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/command.rb:48:in `invoke'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/railties-7.0.3/lib/rails/commands.rb:18:in `<main>'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from /usr/share/rvm/gems/ruby-3.1.2/gems/bootsnap-1.12.0/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
        from bin/rails:4:in `<main>'

ptiseo-tegria avatar Aug 04 '22 19:08 ptiseo-tegria

Super feedback! I'll take a look

anakinj avatar Aug 04 '22 19:08 anakinj

I think I've figured out the issue, fix applied in #504

Could you bundle update jwt and try again and see what the next issue is? :)

anakinj avatar Aug 04 '22 19:08 anakinj

Happy times, tokens are now being properly en/decoded on our API server. 🥳 Thanks a lot for your time!

ptiseo-tegria avatar Aug 04 '22 20:08 ptiseo-tegria

Great. Would suggest switching back to the official releases as soon as the next version is out.

Thanks for helping out to test this, the problem in #504 would probably not have been caught before the next release and it would have affected everyone, not only the ones with OpenSSL 3 installed.

anakinj avatar Aug 04 '22 20:08 anakinj

Hey @anakinj, any idea on when the next version, with this fix, will be rolled out?

manrajtoor avatar Aug 23 '22 19:08 manrajtoor

2.5.0 is out now with the openssl 3 adjustments

anakinj avatar Aug 26 '22 08:08 anakinj

Heroku-22 stack has been released, and it does not support OpenSSL 1.1 but 3.0.

The ruby-jwt broke with the following error

rsa#set_key= is incompatible with OpenSSL 3.0

ruby-opensslv3 has been released and should be used

I have the same problem. How can I solve it?

anujkumarthakur avatar Sep 12 '22 17:09 anujkumarthakur

@anujkumarthakur could you specify a little, curious if there still is some issue.

As mentioned in my last comment, ruby-jwt 2.5.0 was shipped with OpenSSL 3 support a few weeks back. Could you double-check the gem version you are using? If it's 2.5.0 and there are still some issues, it would be nice to have some additional information, like stack traces and such.

anakinj avatar Sep 12 '22 20:09 anakinj