Issue with middleware Answered

Nicolas Scott Duncan Hamra I was testing a middleware to check if the token that I get from memberstack is valid, and I get this issue. Do you have any idea? ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [_OpenSSLErrorWithText(code=75497580, lib=9, reason=108, reason_text=b'error:0480006C:PEM routines::no start line')])

My middleware :

import jwt
from django.http import JsonResponse
from django.conf import settings

class TokenAuthenticationMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # get token from header
        token_memberstack = request.META.get('HTTP_X_MEMBERSTACK_TOKEN', None)
        if token_memberstack is None:
            return JsonResponse({'error': 'Token header missing'}, status=401)

        # decode token
        try:
            decoded_token = jwt.decode(token_memberstack, algorithms=['RS256'], verify=False)
        except jwt.InvalidTokenError:
            return JsonResponse({'error': 'Invalid token'}, status=401)

        # verify token using public key
        try:
            public_key = settings.MEMBERSTACK_PUBLIC_KEY
            decoded_token = jwt.decode(token_memberstack, public_key, algorithms=['RS256'])
        except jwt.InvalidTokenError:
            return JsonResponse({'error': 'Invalid token signature'}, status=401)

        # check if token is valid for current user
        if 'sub' in decoded_token:
            if str(request.user.id) != decoded_token['sub'] and request.user.email != decoded_token['sub']:
                return JsonResponse({'error': 'Token does not match current user'}, status=401)

        return self.get_response(request)

Comments

8 comments

  • Comment author
    Tyler Bell

    Are you getting the error at this line

    jwt.decode(token_memberstack, algorithms=['RS256'], verify=False)

    or this line

    jwt.decode(token_memberstack, public_key, algorithms=['RS256'])

    Also, can you send me a test token? The value of token_memberstack

    0
  • Comment author
    khaoula EZ-Zaoui

    This is an example of the token value that I sent: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjZmNjU3ZGRiYWJmYmZkOTVhNGVkNjZjMjMyNDExZWFhNjE5OGQ4NGMxYmJkOGEyYTI5M2I4MTVmYjRhOTlhYjEifQ.eyJpZCI6Im1lbV9zYl9jbGRqenliY3owMTB6MHRscTFtb2lnbmV2IiwidHlwZSI6Im1lbWJlciIsImlhdCI6MTY3ODk4NzY5OSwiZXhwIjoxNjgwMTk3Mjk5LCJhdWQiOiJhcHBfY2xkanl3bTF2MDEwNjB0bHEzZHlqMHphbiIsImlzcyI6Imh0dHBzOi8vYXBpLm1lbWJlcnN0YWNrLmNvbSJ9.AHzt-CrmCsJkugYzy-rzddq0w1n_h6FSxjNVQcSgrFzPFzAA_oPotBGEFfMpxgoErkYxBeXHu-TGcsBrJM_sfo-h2Ti015ZUjjIVskF-5CGm8aSQW8nddN843_Z3kzAg99uhjUmMc1rAGOT46onByLxALkQIiPYGyD5zSmvfnu01KjAllezTcXxcaYAV_AmXhc1VxeYGjiSAvskH8DbNPi9x4UAgqpDnYA7BFvM-8akAyfpkrCBlJWzDOjtAZ1X5LaCe7GquoACkVQMc4cPSibKFgtE7o0sFOAgvl_Bz1pyFtAe3ipdW4IggLTmPNhkxpE7uX6sApoUORxcIovJ4pg

    I think that the issue I get is related to the format of the key, maybe. That is what I found when I was doing the research.

    0
  • Comment author
    Tyler Bell

    If you copied the key, I wonder if it was copied / pasted with special characters 🤔

    Can you make sure the key you have doesn’t have any spaces and/or special characters in it (like new lines, etc.)?

    https://www.loom.com/share/65f52e9a193e4d58ab8a866f5354a955

    0
  • Comment author
    khaoula EZ-Zaoui

    Thank you Tyler Bell for taking the time to explain it to me. I appreciate that. Just one other question: is the key that you get from member-jw3.s3-website unique for each memberstack account? Because I couldn't find it.

    0
  • Comment author
    Tyler Bell

    The key is not unique.
    It’s the same for all memberstack accounts.

    0
  • Comment author
    khaoula EZ-Zaoui

    Thank you Tyler Bell

    0
  • Comment author
    Tyler Bell

    khaoula EZ-Zaoui We made it much easier to verify tokens today.

    You can use the /members/verify-token endpoint.

    Docs for it are found on this page. Scroll down -> Verify Member Token -> Rest API (Use this if you aren’t using node)
    https://memberstack.notion.site/Admin-API-5b9233507d734091bd6ed604fb893bb8

    0
  • Comment author
    Khaoula

    Tyler Bell Thank you very much for your hard work, I appreciate that. I will check that.

    0
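The error in the question ends in `PEM routines::no start line`, and the thread above turns on whether the key was pasted with stray spaces or newlines. As an added example (not code from the thread or from Memberstack), this standard-library Python checks and repairs the PEM armor of a key string before it is handed to `jwt.decode`; `normalize_pem`, the damaged variants and the filler key bytes are constructed for illustration.

```python
import base64
import re

# Matches one PEM block; DOTALL so a body spread over many lines is captured.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def normalize_pem(raw: str) -> str:
    """Return raw as canonical PEM, or raise ValueError saying what is wrong.

    Checks only the PEM armor and that the body is base64 of a DER SEQUENCE;
    parsing the key itself is left to the crypto library.
    """
    # Undo common copy/paste and env-var damage: literal "\n", CRLF, a BOM.
    text = raw.replace("\\n", "\n").replace("\r", "").replace("\ufeff", "")
    block = PEM_BLOCK.search(text)
    if block is None:
        # A missing BEGIN line is what OpenSSL reports as "no start line".
        raise ValueError("no '-----BEGIN ...-----' / '-----END ...-----' pair found")
    label, body = block.group(1), re.sub(r"\s+", "", block.group(2))
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError(f"PEM body is not valid base64: {exc}") from None
    if der[:1] != b"\x30":
        raise ValueError("PEM body does not decode to a DER SEQUENCE")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"


# Constructed sample: DER-shaped filler bytes, NOT a usable RSA key.
SAMPLE_DER = b"\x30\x82\x01\x22" + bytes(range(256)) + bytes(34)
GOOD_PEM = normalize_pem(
    "-----BEGIN PUBLIC KEY-----\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\n-----END PUBLIC KEY-----"
)
# The same key as it often ends up in settings files or environment variables.
DAMAGED = {
    "escaped newlines": GOOD_PEM.replace("\n", "\\n"),
    "newlines became spaces": GOOD_PEM.replace("\n", " "),
    "windows line endings": "\ufeff" + GOOD_PEM.replace("\n", "\r\n"),
}
HEADERLESS = base64.b64encode(SAMPLE_DER).decode()  # armor lines lost entirely

if __name__ == "__main__":
    for name, value in DAMAGED.items():
        print(name, "->", "repaired" if normalize_pem(value) == GOOD_PEM else "differs")
```

Running a check like this once on `settings.MEMBERSTACK_PUBLIC_KEY` at startup surfaces a malformed key as a configuration error instead of a failure on every request.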
