Hi everyone,
I’m facing a challenge with JWT token verification in my application that integrates with Web3Auth. Specifically, when I try to verify the token using the jose
library, I get a “ERR_JOSE_GENERIC” error in my application, but the same code works perfectly when run as a local script.
Here’s the code that works locally:
import * as jose from "jose";
(async () => {
const idToken = '...'; // hardcoded token for testing
try {
const jwks = jose.createRemoteJWKSet(new URL("https://api-auth.web3auth.io/jwks"));
const jwtDecoded = await jose.jwtVerify(idToken, jwks, { algorithms: ["ES256"] });
console.log(jwtDecoded.payload.wallets[0]);
} catch (e) {
console.error(JSON.stringify(e));
}
})();
And here’s the similar code in my application where it fails:
try {
const jwks = jose.createRemoteJWKSet(new URL('https://api-auth.web3auth.io/jwks'));
const jwtDecoded = await jose.jwtVerify(idToken, jwks, { algorithms: ['ES256'] });
// further processing
} catch (e) {
console.error(JSON.stringify(e));
}
In the application, this throws “ERR_JOSE_GENERIC”. The error object looks like this:
{
"code": "ERR_JOSE_GENERIC",
"name": "JOSEError"
}
My local environment uses Node.js version 20.12.1.
I’ve tried the following troubleshooting steps:
- Updated the JWKS endpoint to
https://api-auth.web3auth.io/jwks
as per the latest documentation. - Manually verified the token on jwt.io, and it appears to be valid.
- Considered network issues, but I’m unsure if there are restrictions in the application environment that prevent accessing the JWKS endpoint.
- Ensured the token is not expired and that the
kid
matches the keys in JWKS (at least in the local environment). - Checked for differences in library versions or Node.js versions between local and application environments.
Additionally, I’ve looked at similar issues online, such as:
- JWT verification with jose is failing
- JWT Errors | Documentation | Web3Auth
Could someone please provide insights into why this discrepancy might be occurring? Is there something particular about application environments that could affect JWT verification with jose
and Web3Auth?
Also, my application integrates with Sapphire Mainnet, but I’m not sure if that’s relevant. Could there be any impact from that?
Thank you in advance for your assistance!
Best regards