I am trying to authenticate as GitHub apps but keep getting error when generating JWT token from private key. The output token always missing the signature part, which make it invalid.
Here is my code, I use lcobucci/jwt library for the generation
$token = (new Builder())
->expiresAt((new DateTimeImmutable('+10 minutes'))->getTimestamp())
->issuedAt((new DateTimeImmutable())->getTimestamp())
->issuedBy($config['appId'])
->getToken(new Sha256(), new Key('file://'.$config['keyPath']));
// output
// HEADER .PAYLOAD .SIGNATURE
// eyJ0eX***lIn0.eyJleHAiO***0ODMifQ.
I already verify the private key validness using this ruby script which generate the complete JWT token and successfully use it to call the API.
This code is part of Laravel 5.8 codebase and I run it with php artisan serve with php 7.3 on Windows 10 OS. I did check the openssl plugin is already enabled.
Library version from composer is "lcobucci/jwt": "3.3.0"
Advertisement
Answer
Updating lcobucci/jwt library version from 3.3.0 to 3.3.1 solve the problem.
Still not sure why. The changelog doesn’t indicate bugfix of any kind.