Hello @deben, I will do more tests and come back to you on this matter. What was the TTL value you used?
jwt-info {
...
ttl = 1 hour
}
Thank you.
Just to double check, is there any log message like this after the 1 hour has passed?
“Refreshing property jwt (not yet initialized or expired)…” (in DEBUG mode)
I have not enabled debug mode, is there any flag?
Yes, JIBRI uses JUL logging; you can use the logging.properties file to enable DEBUG logging for the org.jitsi.jibri package, for example (or any other config that makes debug logging visible for the org.jitsi.jibri.util package).
We are logging the refresh of the token (not the value) when it happens.
Thanks, I missed that.
Hi @deben, I have tested this and what I can see is the following:
- the header part is always the same (only encodes fields `kid` and `alg`, `alg` is always `RS256` and the `kid` field doesn’t change between refreshes of the `jwt` property)
- the payload part is different, because the `exp` field is encoded as well, and it is updated
- there might be some problems with the signature segment of the new tokens
Is this what you are observing as well?
Please note: based on my tests and code review it seems the payload segment only includes the following fields: `iss`, `aud` and `exp`. Only the `exp` field changes between refreshes (in your case every 1 hour). This makes the payload segments look extremely similar, while they are not identical.
I am still reviewing the signature handling, meanwhile.
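The comparison described in the post above, as an added example (not code from Jibri or from the posters): it decodes two tokens captured before and after a refresh and reports which fields changed and whether the signature segment was reused. The `example-*` claim values and the signature bytes are constructed placeholders, and no key-based signature verification is done.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def split_jwt(token: str):
    """Return (header dict, payload dict, signature bytes, signing input)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, b64url_decode(parts[2]), parts[0] + "." + parts[1]

def compare_refresh(old: str, new: str) -> dict:
    """Compare two tokens taken before and after a refresh, without any key."""
    old_hdr, old_pl, old_sig, old_input = split_jwt(old)
    new_hdr, new_pl, new_sig, new_input = split_jwt(new)
    keys = set(old_pl) | set(new_pl)
    return {
        "header_same": old_hdr == new_hdr,
        "payload_changed": sorted(k for k in keys if old_pl.get(k) != new_pl.get(k)),
        "exp_delta_seconds": new_pl.get("exp", 0) - old_pl.get("exp", 0),
        # A signature is bound to "header.payload": identical signature bytes
        # over a different signing input cannot verify for both tokens.
        "signature_reused": old_input != new_input and old_sig == new_sig,
    }

def make_token(exp: int, sig: bytes) -> str:
    # Constructed sample data: claim values and signature bytes are fake.
    header = {"alg": "RS256", "kid": "example-kid"}
    payload = {"iss": "example-iss", "aud": "example-aud", "exp": exp}
    segs = [json.dumps(o, separators=(",", ":")).encode() for o in (header, payload)]
    return ".".join([b64url_encode(s) for s in segs] + [b64url_encode(sig)])

# Constructed tokens one TTL (1 hour) apart; STALE carries the old signature.
OLD = make_token(1700000000, b"\x01" * 256)
GOOD = make_token(1700003600, b"\x02" * 256)
STALE = make_token(1700003600, b"\x01" * 256)

if __name__ == "__main__":
    print(compare_refresh(OLD, GOOD))
    print(compare_refresh(OLD, STALE))
```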
@deben I reproduced the problem. Yesterday I accidentally tested with a modified branch I had (with the fix included!), sorry for the confusion.
Fix is tested and looks good. We’ll see about promoting it to stable the soonest possible.
I’ll keep you posted here.
Yeah, I was also confused about why it was reproducible on mine but not with you. I thought it was a problem with my environment setup.
Thanks.