Bearer token verification error #34919

Closed
emass293 opened this issue Dec 10, 2019 · 3 comments
@emass293

Symfony version(s) affected: 4.4.1

Description

The verification of jwt token sends an invalid token but the token comes from OAuth: I think the "=" char is not valid

Possible Solution

Change line 114 of HttpClientTrait.php to:

```php
if (isset($options['auth_bearer']) && (!\is_string($options['auth_bearer']) || !preg_match('{^[-._=~+/0-9a-zA-Z]++=*+$}', $options['auth_bearer']))) {
```

@pbouska

pbouska commented Dec 20, 2019

Bearer token returned from Twitter OAuth throws exception in HttpClientTrait too, when used in 'auth_bearer' option.

Workaround: sending bearer token from Twitter OAuth directly in header works fine:
```php
$response = $this->httpClient->request(
    'GET',
    $url,
    [
        'headers' => ['authorization: Bearer '.$bearerToken]
        //'auth_bearer' => $bearerToken,
    ]
);
```

@nicolas-grekas
Member

Can you please send a PR to update the regexp to '{^[-._=~+/0-9a-zA-Z]++$}', on branch 4.3?

@emass293
Author

I am not sure I know how to do that

nicolas-grekas added a commit that referenced this issue Jan 31, 2020
This PR was merged into the 4.3 branch.

Discussion
----------

[HttpClient] Fix regex bearer

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #34919
| License       | MIT
| Doc PR        | none

Small fix related to #34919 (comment)

Commits
-------

cd0db78 [HttpClient] Fix regex bearer
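
Added example (not part of the issue thread and not Symfony's code): a PHP script that runs the two patterns quoted in the thread, alongside the RFC 6750 `b64token` grammar written as a regex for comparison, over constructed sample tokens to show which values each pattern accepts. The pattern names, the `checkToken` helper and the sample values are this example's own.

```php
<?php
declare(strict_types=1);

// Added example, not Symfony's code.
// 'rfc6750' is the b64token grammar from RFC 6750 written as a regex (this
// example's own rendering); the other two patterns are quoted from the thread.
const PATTERNS = [
    'rfc6750'    => '{^[-._~+/0-9a-zA-Z]++=*+$}',
    'proposal'   => '{^[-._=~+/0-9a-zA-Z]++=*+$}',
    'maintainer' => '{^[-._=~+/0-9a-zA-Z]++$}',
];

// Constructed sample values, not real credentials.
const SAMPLES = [
    'unreserved chars only' => 'abcDEF123-._~+/',
    'trailing padding'      => 'dGVzdC10b2tlbg==',
    'equals inside token'   => 'abc=def.ghi',
    'padding only'          => '==',
    'embedded space'        => 'abc def',
    'embedded CRLF'         => "abc\r\nX-Test: 1",
    'empty string'          => '',
];

/** Returns [pattern name => bool] for one candidate token. */
function checkToken(string $token): array
{
    $result = [];
    foreach (PATTERNS as $name => $pattern) {
        // preg_match returns 1 on match, 0 on no match, false on error.
        $result[$name] = 1 === preg_match($pattern, $token);
    }
    return $result;
}

// Print one row per sample with the verdict of each pattern.
printf("%-24s %-8s %-9s %s\n", 'sample', ...array_keys(PATTERNS));
foreach (SAMPLES as $label => $token) {
    $verdicts = array_map(
        static fn (bool $ok): string => $ok ? 'accept' : 'reject',
        array_values(checkToken($token))
    );
    printf("%-24s %-8s %-9s %s\n", $label, ...$verdicts);
}
```

The two patterns from the thread differ from the RFC grammar only in allowing `=` anywhere in the token rather than only as trailing padding. All three require at least one character and reject a space or CR/LF in the middle of the value.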