Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incompatibility with other implementations #51

Open
bucko13 opened this issue Feb 19, 2021 · 2 comments
Open

Incompatibility with other implementations #51

bucko13 opened this issue Feb 19, 2021 · 2 comments

Comments

@bucko13
Copy link

bucko13 commented Feb 19, 2021

I've been using this library in a project of mine lsat-js which is an authentication scheme that leverages macaroons. It's been great so far, especially with the TS support.

Unfortunately, I ran into a problem when interacting with other libraries. It was discovered recently that certain macaroons were unable to be decoded by the lsat-js library that were originally encoded in and able to be decoded by other implementations.

With this sample base64 encoded macaroon:

AgESMy4xMzYuMTc4LjE1OjM0MjM4AkIAAD2b0rX78LATiVo8bKgHuurefeF5OeX2H5ZuacBIK3+RAR1PKU1oZpfCZFib4zdDoj0pOpgPmhtuzNllU+y//D0AAAYgcWFs9FIteCzpCcEPSwmXKBpcx97hyL5Yt99cbLjRHzU=

I am able to decode in this js macaroon implementation (link) which maintains compatibility with several other implementations. This was also generated and verified in a golang package.

Unfortunately, using MacaroonsBuilder.deserialize I get this error (with stack trace):

     RangeError [ERR_INVALID_OPT_VALUE]: The value "-1" is invalid for option "size"
      at Function.alloc (buffer.js:278:3)
      at Function.MacaroonsDeSerializer.readPacket (node_modules/macaroons.js/lib/MacaroonsDeSerializer.js:87:27)
      at Function.MacaroonsDeSerializer.deserializeStream (node_modules/macaroons.js/lib/MacaroonsDeSerializer.js:25:58)
      at Function.MacaroonsDeSerializer.deserialize (node_modules/macaroons.js/lib/MacaroonsDeSerializer.js:16:38)
      at Function.MacaroonsBuilder.deserialize (node_modules/macaroons.js/lib/MacaroonsBuilder.js:33:38)

I was wondering if this was a known incompatibility if maybe the split from the specs was deliberate, and if not if there was some way to patch it?

It does look like there's a comment to catch the type of situation that's happening here (see here) but it's not getting caught and the buffer is allocated with size of -1.

Thanks!
@bucko13
Copy link
Author

bucko13 commented Feb 19, 2021

Just saw this closed issue and thinking perhaps it's related:
#10

Any chance of having an option where it can be brought into compatibility?

@bucko13
Copy link
Author

bucko13 commented Feb 19, 2021

Sorry, I was digging a little more and I'm not convinced this is entirely related to the issue linked above (#10) because looking into the macaroon.js implementation that is able to deserialize the macaroon above, it appears to also work in URL safe base64 (see here) but it's possible I'm missing something.

This was referenced Feb 19, 2021
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bucko13