-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
webPush generating invalid JWT in Authorization header #679
Comments
Running into this too. Any solution? |
On my side it was the VAPID Key which was invalid. Double checked with https://vapidkeys.com and replaced the existing keys. It works now. |
I changed my keys and I am still getting the bad JWT token issue is there something else I need to do to get it to work with ios? |
Also getting the same problem |
Double check your subject. Google/Chrome seems to be forgiving, in my case is sent |
NOTE: Please test in a least two browsers (i.e. Chrome and Firefox). This
helps with diagnosing problems quicker.
Setup
Operating System: OS X
Node Version: v16.5.0
web-push Version: 3.4.5
Problem
webPush is generating an invalid JWT in the Authorization header. This throws an error when connecting to the endpoint with webPush.sendNotification(). I tested the JWT object on jwt.io and it shows 'invalid signature'.
I generated a set of VAPID keys and used these to set webPush.setVapidDetails() and as the applicationServerKey during the subscribe() function. I have only used one set of VAPID keys. I also set a GCM API key with webPush.setGCMAPIKey(). The subscription object is correct with valid endpoint, p265dh and auth values.
Using webPush.generateRequestDetails() reveals the Authorization header, which contains an invalid JWT.
Chrome returns 'WebPushError: Received unexpected response code' with statusCode 403 and body ''invalid JWT provided\n'.
Firefox returns 'WebPushError: Received unexpected response code' with statusCode 401 and body '{"code": 401, "errno": 109, "error": "Unauthorized", "more_info": "http://autopush.readthedocs.io/en/latest/http.html#error-codes", "message": "Request did not validate missing authorization header: Missing Authorization Header"}'
Expected
webPush generates correct credentials and connects to the given endpoint to deliver a push notification.
Features Used
Example / Reproduce Case
Subscription object:
{
endpoint: 'https://updates.push.services.mozilla.com/wpush/v2/gAAAAABhF878jga8_0MYNA2njtvb1o7-gZxt5wdLSN4hxXJNVe3JZ-bAA5H-Vcp5Nf6Fa7Bt9rxNMG7GGbmKF8eOLu1sak1Xxhb246zcjMp1Orr-NMPbY9ldxi36Tv2NlrMB3FUS6Hv_6x5fl5QbEkX-e68yxWGWCOvw4otUCIfC061BAZ8ovlg',
keys: {
auth: 'bm4Cscagb5dY3OWQxoN8CQ',
p256dh: 'BLy_YKVjyW7D8BkEtsyg-OYePc_F40feoO0y8qF2ddcSZOLP6fvJL-tAcwzZ5aXi2YPd783XHPUnz5nRd732bww'
}
}
webPush headers with invalid Authorization JWT (bold):
{
method: 'POST',
headers: {
TTL: 2419200,
'Content-Length': 171,
'Content-Type': 'application/octet-stream',
'Content-Encoding': 'aes128gcm',
Authorization: 'vapid t=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJodHRwczovL2ZjbS5nb29nbGVhcGlzLmNvbSIsImV4cCI6MTYyOTE4MDkxMCwic3ViIjoibWFpbHRvOmpvcmRhbi5zbWl0aC4yMEB1Y2wuYWMudWsifQ._M1RbDubib_iy-IPWfdz6GQb0eua_zsmoyPuLWjg6p88RbMkigsfvgDiBlRSmBn9BW4xiYlgIlU5TOQiPwmjkw, k=BFuaW7LdscFd2-mN_lTvILOlijf9YzTnVcqbq4pgUVPyzOGPpOFoIS5ZyeenRvcz0jZ4ysWynvFfbgjnaDIJQK0'
},
body: <Buffer e7 3b 49 a0 00 7b 44 2d d0 ae db a5 67 5e 16 7e 00 00 10 00 41 04 ba da a2 a3 0a 5e 56 cf d5 f5 e1 72 69 d3 b3 8d fc eb fb 8a c4 8c dc 6f a3 09 51 14 ... 121 more bytes>,
endpoint: 'https://fcm.googleapis.com/fcm/send/cmvOYD_wJug:APA91bEoC0UkXyTBLJHlqWOo-3ZWhK3BWmgOROWeBumIrHpKzWR-cw4R85iqRMegMTadE6b1kKMnmnc8JqgjaiddAbzzxB11LSenVGk62oOVKuFgb-wAoSmCyDGYNUiuOVEVLZYF-gx2'
Other
The text was updated successfully, but these errors were encountered: