Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Perl version of python-jose (Javascript Object Signing and Encryption)?

by scorpio17 (Canon)
on Sep 10, 2019 at 17:17 UTC ( #11105988=perlquestion: print w/replies, xml ) Need Help??

scorpio17 has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to decode and verify Amazon Cognito JWT tokens, as described here:
https://github.com/awslabs/aws-support-tools/tree/master/Cognito/decode-verify-jwt

Their example uses python, which depends on a library called python-jose to do the heavy lifting.
I'm trying to do the same thing using Crypt::JWT. My code looks like this:

use strict; use Crypt::JWT qw(decode_jwt); my $keylist = '...'; my $token = '...'; my $data = decode_jwt(token=>$token, kid_keys=>$keylist);
I'm using $keylist and $token values that work in the python script. But in the perl version I'm getting this error:
JWT: exp claim check failed

Is there anything like python-jose for perl?
Am I using Crypt::JWT incorrectly? Is there a better tool for the job?

  • Comment on Perl version of python-jose (Javascript Object Signing and Encryption)?
  • Download Code

Replies are listed 'Best First'.
Re: Perl version of python-jose (Javascript Object Signing and Encryption)?
by tangent (Vicar) on Sep 10, 2019 at 19:19 UTC
    Looking through the github docs I notice that the payload has an 'exp' attribute (expiration time) which the python script deals with like so:
    if time.time() > claims['exp']: print('Token is expired') return False
    Using Crypt::JWT you need to specify what to do with 'exp' by passing a value for 'verify_exp':
    verify_exp
    undef (default) - Expiration Time 'exp' claim must be valid if present
    0 - ignore 'exp' claim
    1 - require valid 'exp' claim
    If the payload has 'exp' and your arguments to decode_jwt() do not contain 'verify_exp' then you get the error you describe. You could try:
    my $data = decode_jwt(token=>$token, kid_keys=>$keylist, verify_exp=>1 +);

      That was it!

      The test token had expired, so to ignore that and decode it anyway, I needed verify_exp=>0.
      I knew I was probably overlooking something simple- thank you so much!

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://11105988]
Approved by footpad
Front-paged by haukex
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (9)
As of 2019-09-17 10:53 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    The room is dark, and your next move is ...












    Results (207 votes). Check out past polls.

    Notices?