OpenSSL unable to verify data: error:04091068:rsa routines:INT_RSA_VERIFY:bad signature #29

Closed
santifdezmunoz opened this issue Dec 13, 2016 · 2 comments

santifdezmunoz commented Dec 13, 2016

Hi,

When I try to use any Graph resource I get the following error:

OpenSSL unable to verify data: error:04091068:rsa routines:INT_RSA_VERIFY:bad signature

The resource URL that I'm using is https://graph.microsoft.com/

I set the provider configuration as explained in the documentation, but it keeps failing.

Here is the code that I'm using:

    $settings = [
        'clientId'     => config('azure.azureKey'),
        'clientSecret' => config('azure.azureSecret'),
        'redirectUri'  => config('azure.azureRedirectUri')
    ];

    //$provider = new OAuth2Provider($settings);
    $provider = new AzureProvider($settings);
    $provider->scope = 'calendars.read';
    $provider->urlAPI = "https://graph.microsoft.com/v1.6/";
    $provider->resource = "https://graph.microsoft.com/";

If I use https://graph.windows.net as the resource, the token is correctly validated.

Thanks in advance!

Member

hajekj commented Dec 14, 2016

Hello, I have just tested this and it seems to work correctly for me. One issue I can see is that Microsoft Graph doesn't offer a v1.6 endpoint; you should be using v1.0. Which version of the library are you using - dev-master, v1.1.1 or v2.0.0.x-dev?

Update: I have actually tried with dev-master and I am running into the same issue. However with v2.0.0.x-dev everything works fine. I will look into this further.

Update 2: Discovered the issue - it is a coding flaw (`// The id_token is unsigned (coming from v1.0 endpoint) - https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx`), will release v1.2.0 very soon which also includes the fix. The issue lies in the fact that the id_token is not signed in the v1 flow and it appears that the access_token signature is "weird" in case of using the https://graph.microsoft.com/ resource.

hajekj self-assigned this Dec 14, 2016
hajekj added the bug label Dec 14, 2016
@santifdezmunoz
Author

Great to know!! I'll make the modifications on the endpoint version that you suggested, and wait for the next release. Meanwhile I'll check it with v2.0.0.x-dev version.

Thanks again!

hajekj mentioned this issue Jan 8, 2017
hajekj added a commit that referenced this issue Jan 30, 2017
hajekj closed this as completed Jan 30, 2017
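
An added illustration of the condition described in this thread (not code from the library or from either participant): inspect a token's header and signature segment before calling OpenSSL, so that an unsigned token is reported as unsigned instead of surfacing as a bad-signature error. The function names, the throwaway RSA key and the sample tokens are constructed for this example, and only RS256 is assumed.

```php
<?php
// Added example; every name below is hypothetical, not part of the library.
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function b64url_decode(string $s): string {
    $pad = str_repeat('=', (4 - strlen($s) % 4) % 4);
    return base64_decode(strtr($s, '-_', '+/') . $pad);
}

// Returns 'valid', 'invalid' or 'unsigned'. Claims from a token that is not
// 'valid' must never be treated as authenticated.
function check_jwt(string $jwt, string $publicKeyPem): string {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a three-segment JWT');
    }
    [$h, $p, $sig] = $parts;
    $header = json_decode(b64url_decode($h), true);
    if (!is_array($header)) {
        throw new InvalidArgumentException('JWT header is not valid JSON');
    }
    $alg = $header['alg'] ?? '';
    if ($sig === '' || strtolower($alg) === 'none') {
        return 'unsigned'; // an empty signature cannot pass RSA verification
    }
    if ($alg !== 'RS256') {
        throw new UnexpectedValueException("unsupported alg: $alg");
    }
    // openssl_verify returns 1 (match), 0 (mismatch) or -1 (error).
    $ok = openssl_verify("$h.$p", b64url_decode($sig), $publicKeyPem, OPENSSL_ALGO_SHA256);
    return $ok === 1 ? 'valid' : 'invalid';
}

// Constructed sample tokens, signed with a throwaway key generated here.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$payload = b64url_encode(json_encode(['aud' => 'https://graph.microsoft.com/']));
$input = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'RS256'])) . '.' . $payload;
openssl_sign($input, $rawSig, $key, OPENSSL_ALGO_SHA256);

$tokens = [
    'signed'   => $input . '.' . b64url_encode($rawSig),
    'unsigned' => b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'none'])) . '.' . $payload . '.',
    'tampered' => $input . '.' . b64url_encode(strrev($rawSig)),
];
foreach ($tokens as $name => $token) {
    echo $name, ': ', check_jwt($token, $pub), PHP_EOL;
}
```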