JWT woes - crypto issues?
Fri Feb 5 21:10:50 CET 2021
I could have made a mistake for sure! But I'm as sure as I can be - that was pretty much the first thing I checked.
The Python is using the base64-encoded string copied from the PEM file, which works, generating JWTs that jwt.io validates successfully from the paired public key.
The Erlang jwerl code is using the same base64-encoded string in a binary (ie <<"-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDAt8OrDBu"...>>), because that's the only way the library would accept it, and because when I looked in the code for jwerl I saw it was using public_key:decode_pem/1 directly on the passed-in key, so it seemed like that was the right format to use.
> On 5 Feb 2021, at 19:47, Łukasz Niemier <lukasz@REDACTED> wrote:
> Are you sure that the secret is the same and is passed in the format that both libraries expect? Because one may require Base64 encoded string and other will require to pass raw data.
> Łukasz Jan Niemier
More information about the erlang-questions