storage icon indicating copy to clipboard operation
storage copied to clipboard
verified publisher icon supabase

JWT verify return an invalid algorithm for JWT Token signed with RS256

Open xenirio opened this issue 3 years ago • 0 comments

Bug report

Describe the bug

I've got a problem when I try to upload a file with storage-api. The JWT token in my platform signed with RS256 algorithm. Here is an error

{"level":"info","time":"2022-08-10T05:02:30.129Z","pid":23,"hostname":"storage-0","reqId":"req-5","req":{"method":"POST","url":"/bucket","hostname":"storage:5000","remoteAddress":"10.233.68.201","remotePort":56482},"msg":"incoming request"}
JsonWebTokenError: invalid algorithm
    at /app/node_modules/jsonwebtoken/verify.js:121:19
    at getSecret (/app/node_modules/jsonwebtoken/verify.js:90:14)
    at Object.module.exports [as verify] (/app/node_modules/jsonwebtoken/verify.js:94:10)
    at /app/src/utils/index.ts:37:9
    at new Promise (<anonymous>)
    at verifyJWT (/app/src/utils/index.ts:36:10)
    at /app/src/utils/index.ts:59:28
    at step (/app/dist/utils/index.js:33:23)
    at Object.next (/app/dist/utils/index.js:14:53)
    at /app/dist/utils/index.js:8:71

To Reproduce

  1. Generate secret/keys of supabase with RS256 algorithm.
  2. Make a request to storage-api of subapase deployment.

Expected behavior

The storage should be successful with file uploaded.

I've created PR to resolve this issue. Please review here https://github.com/supabase/storage-api/pull/176

xenirio avatar Aug 11 '22 09:08 xenirio