Skip to content

fix: replace TextEncoder with Buffer to ensure jwtVerify accepts key #339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: replace TextEncoder with Buffer to ensure jwtVerify accepts key #339

wants to merge 1 commit into from
+1 −1

Conversation

jakobrosenberg
Copy link

This PR fixes the following error when using triplit.startSession() with jsonwebtoken-signed tokens:

The signature on your token could not be verified successfully. | Context: Key for the HS256 algorithm must be one of type KeyObject, CryptoKey, or Uint8Array. Received an instance of Uint8Array

The issue was caused by TextEncoder().encode(secret) producing a Uint8Array that fails internal checks in jose.jwtVerify() in some environments (e.g. Vitest).

Repro:

const token = jwt.sign({ sub: 'user-johndoe' }, 'mysecret')
triplit.startSession(token)
await triplit.fetchOne(triplit.query('users'), {policy: 'remote-only'})

Fix

TextEncoder().encode(...) was replaced with new Uint8Array(Buffer.from(secret)), which works reliably across environments.

@jakobrosenberg
fix: replace TextEncoder with Buffer to ensure jwtVerify accepts key
9e20562 
Using TextEncoder().encode(...) caused jose.jwtVerify to reject the Uint8Array due to internal brand checks in certain environments (e.g. Vitest, CJS). Replacing it with Buffer.from(...) resolves the compatibility issue without changing behavior.
@height Height
Copy link

height bot commented May 5, 2025

Link Height tasks by mentioning a task ID in the pull request title or commit messages, or description and comments with the keyword link (e.g. "Link T-123").

💡Tip: You can also use "Close T-X" to automatically close a task when the pull request is merged.

@vercel Vercel
Copy link

vercel bot commented May 5, 2025

@jakobrosenberg is attempting to deploy a commit to the Aspen Cloud Team on Vercel.

A member of the Team first needs to authorize it.

@matlin
Copy link
Contributor

matlin commented May 8, 2025

This seems like it might be a Vitest issue vitest-dev/vitest#4043. Have you tried the work arounds in the linked issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jakobrosenberg @matlin