[SOLVED] JWT authentication and verify

Hello,

I’m trying to use JWT authentication in my extension. So, on the FrontEnd I send the following query:

    const userInformation = {
      getInfo: createRequest('GET', 'info')
    };
    function createRequest (type, method) {
      return {
        method: type,
        url: location.protocol + '//localhost:8000/drmad/' + method,
      };
    }
    function setAuth (request, token) {
      Object.keys(request).forEach((req) => {
        twitch.rig.log('Setting auth headers');
        request[req].headers = { 'Authorization': 'Bearer ' + token };
      });
    }
    twitch.onAuthorized(function (auth) {
      token = auth.token;
      setAuth(userInformation, token);
      // Send the request that just had the Authorization header attached
      axios(userInformation.getInfo).then(res => console.log(res));
    });

I got that token from the twitch.onAuthorized function.
In the EBS I tried to verify that token with my secret, which I got from here:


So, using Python, I got that code:

    import base64
    import jwt  # PyJWT

    token = request.META.get('HTTP_AUTHORIZATION', '')[len("Bearer "):]
    my_secret = base64.b64decode(settings.DRMAD_SECRET)
    jwt.decode(token, my_secret, algorithms=['HS256'])

But when I’m trying to decode my token, I get an error:

    jwt.exceptions.InvalidSignatureError: Signature verification failed

I also tried to check my token and secret on the jwt.io site, but I got an answer that it has “Invalid Signature”.
What can I be doing wrong? Thanks for helping.

My jwt.io checking:

Assuming that the header was set correctly in the Frontend, which looks correct,
and you copied and pasted the secret correctly,
and having checked the token contains what it’s supposed to contain on the backend,
I don’t see anything obviously wrong here.

So it looks like inbound requests to your python didn’t extract the token correctly?
Does token in python contain what it’s supposed to contain?
And debug your outbound request to check it’s what you expect

Yes, in the EBS I see that my token looks the same as in the FrontEnd. And I tried to copy/paste the token from the FrontEnd to jwt.io, but with no results.
Can it be connected with using twitch developer-rig program and starting FrontEnd from that program?

Perhaps the developer rig might have an outdated/wrong secret. You can try one or more of the following, in this order:

  • Hit Refresh Manifest
  • Recreate the Views
  • Remove the project from the rig and add it again. (Don’t make a new extension, just remove and re-add it to the rig)

Yes, after closing and opening the project again, the program asked me about my secret key. I put it in the program and everything is great. Thanks!

Also make sure your rig is up to date, current version is v1.2.14
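The failure in this thread, as an added example that is not part of any post: a standard-library HS256 check (standing in for PyJWT's `jwt.decode`) that tells a wrong key form (raw string instead of base64-decoded) apart from a token signed with a different, stale secret. The secrets, claims and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values, not real Twitch secrets or claims.
SECRET_B64 = base64.b64encode(b"constructed-current-secret").decode()
KEY = base64.b64decode(SECRET_B64)       # what the EBS verifies with
STALE_KEY = b"constructed-stale-secret"  # what an out-of-date signer uses
CLAIMS = {"channel_id": "1", "role": "viewer", "exp": 4102444800}

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64url(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_hs256(payload, key):
    """Build an HS256 JWT; used here only to construct sample tokens."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(payload).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def verify_hs256(token, key, now=None):
    """Return the claims, or raise ValueError naming what failed."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(unb64url(head))["alg"]
        claims = json.loads(unb64url(body))
        exp, mac = float(claims["exp"]), unb64url(sig)
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, good):
        raise ValueError("signature mismatch")
    if exp < (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def key_form_that_verifies(token, secret_b64):
    """Which form of the configured secret validates the token, if any."""
    forms = {"base64-decoded": base64.b64decode(secret_b64),
             "raw string": secret_b64.encode()}
    for name, key in forms.items():
        try:
            verify_hs256(token, key, now=0)  # now=0: signature check only
            return name
        except ValueError:
            continue
    return None  # neither form: token was signed with a different secret
```

A `None` result means the EBS configuration is not the problem and the signer (here, the rig) holds a different secret, which is what the thread's fix addressed.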