-
Notifications
You must be signed in to change notification settings - Fork 10
Description
I've been using this library in a project of mine lsat-js which is an authentication scheme that leverages macaroons. It's been great so far, especially with the TS support.
Unfortunately, I ran into a problem when interacting with other libraries. It was discovered recently that certain macaroons were unable to be decoded by the lsat-js library that were originally encoded in and able to be decoded by other implementations.
With this sample base64 encoded macaroon:
AgESMy4xMzYuMTc4LjE1OjM0MjM4AkIAAD2b0rX78LATiVo8bKgHuurefeF5OeX2H5ZuacBIK3+RAR1PKU1oZpfCZFib4zdDoj0pOpgPmhtuzNllU+y//D0AAAYgcWFs9FIteCzpCcEPSwmXKBpcx97hyL5Yt99cbLjRHzU=
I am able to decode in this js macaroon implementation (link) which maintains compatibility with several other implementations. This was also generated and verified in a golang package.
Unfortunately, using MacaroonsBuilder.deserialize I get this error (with stack trace):
RangeError [ERR_INVALID_OPT_VALUE]: The value "-1" is invalid for option "size"
at Function.alloc (buffer.js:278:3)
at Function.MacaroonsDeSerializer.readPacket (node_modules/macaroons.js/lib/MacaroonsDeSerializer.js:87:27)
at Function.MacaroonsDeSerializer.deserializeStream (node_modules/macaroons.js/lib/MacaroonsDeSerializer.js:25:58)
at Function.MacaroonsDeSerializer.deserialize (node_modules/macaroons.js/lib/MacaroonsDeSerializer.js:16:38)
at Function.MacaroonsBuilder.deserialize (node_modules/macaroons.js/lib/MacaroonsBuilder.js:33:38)
I was wondering if this was a known incompatibility if maybe the split from the specs was deliberate, and if not if there was some way to patch it?
It does look like there's a comment to catch the type of situation that's happening here (see here) but it's not getting caught and the buffer is allocated with size of -1.
Thanks!