I'm setting up a REST API with Auth0 as the authentication service. Everything is working but my confidence has been a bit shaken after a rather strange occurrence.
My implementation is based on the sample code here (The RS256 section) and here. The only modification being that I cast the PublicKey to an RSAPublicKey.
The issue is that I wanted to be positive that the verification would fail on a bad signature. I changed the signature's last character (we'll say "x") and the token still verified. BUT - switching it to any character other than "x" or the originally generated character caused it to fail as expected.
My suspicion is that this is due to some sort of padding/encoding/decoding/Base64 issue and that I just happened to pick a character with the same first n-number of bits or something? Of course, this means that if a successful "guess" were to be made, it would need to include the remaining forty-kabillion characters of the token - which is the whole point of its existence. So I'm not necessarrily concerned that the token will be guessable - I'm just making sure that I've implemented the gist of the verification correctly.
import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.UrlJwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.interfaces.RSAPublicKey;
public class Application {
public static void main(String[] args) {
try {
JwkProvider provider = new UrlJwkProvider("");
Jwk jwk = provider.get("");
String token = "";
RSAPublicKey publicKey = (RSAPublicKey) jwk.getPublicKey();
Algorithm algorithm = Algorithm.RSA256(publicKey, null);
JWTVerifier verifier = JWT.require(algorithm)
.withIssuer("")
.build();
DecodedJWT jwt = verifier.verify(token);
} catch (JWTVerificationException exception) {
System.out.println("JWT Exception: " + exception.getMessage());
} catch (JwkException e) {
e.printStackTrace();
}
}
}
解决方案
Have a look no further than the JWT example (screenshot below).
The token has 3 parts in separate colors:
Header: Metadata about the token, including the algorithm used. Not signed and not verified.
Payload: Contents of the token (user claims). Signed and verified.
Signature: The signature of the token.
Headers in particular are not signed, they can contain almost anything and be altered. Although the token won't be able to be decoded if it's borked (bad algorithm value for example).
There are rules to encode, pad and serialize all this data together, refer to the specifications. It is possible to add/remove/edit few bytes in a token and still have a valid token, albeit slightly different (modified padding or headers). However it is not possible to alter the payload of a token, which is what's important.
JWT libraries offer separate functions to extract information from the token, like get_unverified_headers() and get_claims(), avoiding any potential confusion. Hypothetically if one were to accidentally read the user identifier from the header instead of the payload, it would be a critical vulnerability because that can be altered freely.
1761
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
