Hi,
using cloudflare-worker-jwt, are there any known mismatches with the way ghost verifies the token?
Running though node per the docs example, I have no problem, but cloudflare-worker-jwt gives the following:
"errors": [
{
"message": "Invalid token: invalid signature",
"context": null,
"type": "UnauthorizedError",
"details": null,
"property": null,
"help": null,
"code": "INVALID_JWT",
"id": "61765fd0-d8a3-11ed-ae6f-d1690b7fc7d0",
"ghostErrorCode": null
}
]
Looking at both tokens at https://token.dev/ they decode identically (afaik my eyes). This is the failing cloudflare-worker-jwt one:
Here’s the worker script
import jwt from '@tsndr/cloudflare-worker-jwt';
export default {
async fetch(request: Request, env: any) {
// Admin API key goes here
const API_KEY =
'XXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
const [keyId, secret] = API_KEY.split(':');
const nowTs = Math.round(Date.now() / 1000);
const payload = {
exp: nowTs + 300,
iat: nowTs,
aud: '/admin/',
};
const token = await jwt.sign(payload, secret, {
algorithm: 'HS256',
header: { typ: 'JWT', kid: keyId },
});
const data = await fetch(
'https://example.com/ghost/api/admin/members',
{
headers: {
Authorization: `Ghost ${token}`,
'Content-Type': 'application/json',
'Accept-Version': 'v5.15',
},
method: 'GET',
}
).then(async (res) => {
return {
payload,
token,
res: await res.json(),
};
});
return new Response(JSON.stringify(data, null, 2));
},
};
Thanks!