Joken doesn't verify payload

Good morning! I am trying to set up Joken to use JWT for server-client communication. I’ve tried following the example of bryanjos, but I get the message “invalid payload” when I try to verify the token. Below is a detailed explanation.

  1. Encoding

    def get_token(conn, _params) do
      IO.puts "I will make a token for you ..."

      current_user = conn.assigns.current_user
      my_token = %{"user_id" =>}
      |> token
      |> with_validation("user_id", &(&1 == 1))
      |> with_signer(hs256("yada82....))
      |> sign
      |> get_compact

      render conn, "token.json", token: my_token
    end

  2. Verifying

    def verify_token(token) do
      token
      |> token
      |> with_validation("user_id", &(&1 == 1))
      |> with_signer(hs256("yada82.....))
      |> verify
    end

  3. Error message

%Joken.Token{claims: %{}, claims_generation: %{}, error: "Invalid payload",
 errors: ["Invalid payload"], header: %{}, json_module: Poison,
 signer: %Joken.Signer{jwk: %{"k" => "eWFkYTgyMDQzbVUsQGl6cTAjJG1jcV4mIUhGUXBucDhpLW5j",
    "kty" => "oct"}, jws: %{"alg" => "HS256"}},
 token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjo5fQ.GBDAhBAmVEcL9Ru-NvxVex9WmUFryRSvLiVIopPcVyg",
 validations: %{"user_id" => {#Function<4.78128222/1 in LookupPhoenix.NoteApiController.verify_token/1>,

Is it a string or an int?

Hi! @jxxcarlson! Joken maintainer here :slight_smile:

In your token the user_id is an integer with value 9 (eyJ1c2VyX2lkIjo5fQ -> {"user_id":9}). You are validating if 9 == 1 and that fails accordingly.

I guess you are following the examples in the README. That is only to show how to work with custom claims (and in that example we validate a user_id with value 1). On a real system though you should validate if that user_id is a valid one using other ways.


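The check described in the answer above, as an added example that is not part of the thread and not Joken's own code: it decodes the claims segment of the token quoted in the question, then verifies an HS256 signature before comparing `user_id` with the id the caller expects. The module name `JwtClaimCheck`, its functions and the demo secret are hypothetical, and it assumes Elixir 1.18+ (built-in `JSON`) and OTP 25+ (`:crypto.hash_equals/2`).

```elixir
# Added illustration, not Joken's implementation. Names are hypothetical.
defmodule JwtClaimCheck do
  # Decode the claims segment WITHOUT verifying the signature (debugging aid only).
  def peek_claims(compact) do
    with [_header, payload, _sig] <- String.split(compact, "."),
         {:ok, json} <- Base.url_decode64(payload, padding: false),
         {:ok, claims} <- JSON.decode(json) do
      {:ok, claims}
    else
      _ -> {:error, :malformed}
    end
  end

  # Build an HS256 token; used here only to create constructed sample input.
  def sign(claims, secret) do
    header = b64(JSON.encode!(%{"alg" => "HS256", "typ" => "JWT"}))
    signing_input = header <> "." <> b64(JSON.encode!(claims))
    signing_input <> "." <> b64(hmac(signing_input, secret))
  end

  # Check the signature first, then compare user_id with the expected id.
  # The header's "alg" is ignored on purpose: only HS256 is ever accepted.
  def verify(compact, secret, expected_user_id) do
    with [header, payload, sig] <- String.split(compact, "."),
         {:ok, given} <- Base.url_decode64(sig, padding: false),
         wanted = hmac(header <> "." <> payload, secret),
         true <- byte_size(given) == byte_size(wanted) and :crypto.hash_equals(given, wanted),
         {:ok, %{"user_id" => ^expected_user_id} = claims} <- peek_claims(compact) do
      {:ok, claims}
    else
      false -> {:error, :bad_signature}
      {:ok, _other_claims} -> {:error, :user_id_mismatch}
      _ -> {:error, :malformed}
    end
  end

  defp b64(bin), do: Base.url_encode64(bin, padding: false)
  defp hmac(data, secret), do: :crypto.mac(:hmac, :sha256, secret, data)
end

# Token exactly as quoted in the question; only its claims are decoded here.
thread_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjo5fQ.GBDAhBAmVEcL9Ru-NvxVex9WmUFryRSvLiVIopPcVyg"
IO.inspect(JwtClaimCheck.peek_claims(thread_token))

secret = "constructed-demo-secret" # constructed value, not the key from the thread
signed = JwtClaimCheck.sign(%{"user_id" => 9}, secret)
IO.inspect(JwtClaimCheck.verify(signed, secret, 9))
IO.inspect(JwtClaimCheck.verify(signed, secret, 1))
IO.inspect(JwtClaimCheck.verify(signed, "wrong-secret", 9))
```

The pinned match is strict, so a token carrying `"user_id": "9"` as a string would also be reported as a mismatch against the integer 9.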
Oops (duh!!) I didn’t read that very carefully. Sorry and thanks!!

It’s an int, but I was being stupid (see below).

No worries! :slight_smile: