I've been facing an OAuth2 JWT token verification exception for the last hour (so no one can access my application):
java.security.SignatureException: Signature length not correct: got 256 but was expecting 128.
I'm using google-http-client 1.20.0 and Java 1.7.0. Same configuration worked so far - any ideas?
Stacktrace
java.security.SignatureException: Signature length not correct: got 256 but was expecting 128
at sun.security.rsa.RSASignature.engineVerify(Unknown Source) ~[na:1.7.0_45]
at java.security.Signature$Delegate.engineVerify(Unknown Source) ~[na:1.7.0_45]
at java.security.Signature.verify(Unknown Source) ~[na:1.7.0_45]
at com.google.api.client.util.SecurityUtils.verify(SecurityUtils.java:164) ~[google-http-client-1.20.0.jar:1.20.0]
Same problem here. I added the source code of GoogleIdTokenVerifier to my project and changed the method:
Just handle the exception; the second certificate works fine.
Edit: you can subclass as Erik-z suggested if you want to make it cleaner:
Edit 2: I can't make it work using the code below, so I will stick to the ugly hack above.
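The failure in the stack trace and the workaround described in the answer can be reproduced with plain `java.security` classes. The following is an added example, not code from the post or from google-http-client: it checks a 256-byte signature against a 128-byte (1024-bit) key first, treats the resulting `SignatureException` as "this key did not sign it", moves on to the next key, and rejects the token if no key verifies. The class name `MultiKeyVerify`, the helper names and the locally generated keys are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.List;

public class MultiKeyVerify {  // hypothetical class name

    // Returns true only if at least one candidate key verifies the signature.
    static boolean verifyWithAnyKey(List<PublicKey> keys, byte[] data, byte[] sig)
            throws Exception {
        for (PublicKey key : keys) {
            try {
                Signature verifier = Signature.getInstance("SHA256withRSA");
                verifier.initVerify(key);
                verifier.update(data);
                if (verifier.verify(sig)) {
                    return true;
                }
            } catch (SignatureException e) {
                // For example "Signature length not correct: got 256 but was
                // expecting 128": the key size differs, so this key is not the
                // signer. Try the next key instead of aborting the whole check.
            }
        }
        return false; // fail closed: no key matched, reject the token
    }

    static KeyPair rsa(int bits) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(bits);
        return generator.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        KeyPair smallKey = rsa(1024);  // constructed key: 128-byte signatures
        KeyPair largeKey = rsa(2048);  // constructed key: 256-byte signatures
        byte[] data = "header.payload".getBytes(StandardCharsets.UTF_8); // constructed input
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(largeKey.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();
        List<PublicKey> both = Arrays.asList(smallKey.getPublic(), largeKey.getPublic());
        System.out.println("both keys offered: " + verifyWithAnyKey(both, data, sig));
        System.out.println("wrong key only: "
                + verifyWithAnyKey(Arrays.asList(smallKey.getPublic()), data, sig));
    }
}
```

Only `SignatureException` is swallowed, and only to continue the loop; any other error still propagates, and a token is accepted solely on a `true` result from `verify`.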