0

Hi I have configured the node.js app and in most part it is working fine. But at the last step after logging in I am getting this error : Invalid token: Unable to verify the ID Token: Invalid verify algorithm sha256 I can see the gtoken being set. But I am running out of ideas about where from the algorithm is getting set. I havn't configured it anywhere , so how am I passing an invalid algorithm ?

Any suggestions ?

Anubis05
  • 1,234
  • 2
  • 13
  • 17

1 Answers1

0

Have you converted the downloaded .p12 key into .pem file, and pass the .pem file when building the GitkitClient?

Jin Liu
  • 2,203
  • 15
  • 13
  • yes I have done the conversion using openssl as google suggests https://developers.google.com/identity/toolkit/web/quickstart/nodejs. I have built it using node.js. – Anubis05 Aug 06 '15 at 02:22
  • The gtoken is signed by the RSA-SHA256 algorithm, and the nodejs app relies on the openssl to verify the signature. Have you installed openssl on your machine? – Jin Liu Aug 07 '15 at 01:10
  • Well, thats interesting. I am actually using https://github.com/apigee/trireme to run the node code. It does not use openSSL. Do you think this can be an issue ? – Anubis05 Aug 17 '15 at 11:51
  • Probably yes. I am not familiar with trireme, but according to the Crypto section in the github README file, it seems the "trireme-crypto" module is needed: "Like TLS, certain features (Sign/Verify in particular) only work if the "trireme-crypto" module and its dependencies are in the class path. If they are not present then these methods will throw an exception. This is primarily because the trireme-crypto module uses Bouncy Castle to implement PEM file reading and decryption. It is possible to run Trireme without Bouncy Castle if these features are not needed." – Jin Liu Aug 17 '15 at 16:59