Issue: Signature Verification Failure for Co-Signer Callback
I followed the standard setup process for a Non-signing Admin co-signer. However, after triggering an action in the Fireblocks Console UI, I encountered an issue with the callback request sent to my handler.
The Problem
The request sent by the co-signer appears to be malformed or incorrectly signed. Here is an example of the JWT structure received:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ0eXBlIjoiVU5NQU5BR0VEX1dBTExFVCIsImV4dHJhSW5mbyI6eyJ3YWxsZ…………c3Yi1iZDkwYTZjZDE1NDQifQ.0000000000000…..00000000
Observations
- Invalid Signature: The co-signer appears to be signing the request body incorrectly.
- Verification Error: When attempting to verify the JWT using the public key provided by the co-signer, the process fails with the error: signature verification failed.
- Public Key Logs: I have verified that the logs correctly display the public key, which initially led me to believe the configuration was correct.
Despite the logs showing the correct key, the signature remains invalid, preventing successful authentication of the callback.
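
Added example (not part of the original post, and not Fireblocks code): a structural check on an RS256 callback JWT, run before digging into key configuration, that flags a signature segment with the wrong length or made of one repeated character. The function names, the 2048-bit key size and the sample payload are assumptions; only the header matches the token quoted above.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def triage_jwt(token: str, modulus_bits: int = 2048) -> list:
    """Return structural findings for an RS256 JWT; does not verify the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return [f"expected 3 segments, got {len(parts)}"]
    header_b64, payload_b64, sig_b64 = parts
    findings = []
    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError:
        return ["header is not base64url-encoded JSON"]
    alg = header.get("alg") if isinstance(header, dict) else None
    if alg != "RS256":
        findings.append(f"unexpected alg: {alg!r}")
    try:
        json.loads(b64url_decode(payload_b64))
    except ValueError:
        findings.append("payload is not base64url-encoded JSON")
    try:
        sig = b64url_decode(sig_b64)
    except ValueError:
        return findings + ["signature is not valid base64url"]
    if len(sig) != modulus_bits // 8:  # an RSA signature is as long as the modulus
        findings.append(f"signature is {len(sig)} bytes, expected {modulus_bits // 8}")
    if len(set(sig_b64)) == 1:  # real signatures look random; filler does not
        findings.append(f"signature segment is one repeated character {sig_b64[0]!r}")
    return findings

def constructed_token(signature_b64: str) -> str:
    """Constructed sample: header as in the post, made-up payload."""
    header = b64url_encode(b'{"typ":"JWT","alg":"RS256"}')
    payload = b64url_encode(json.dumps({"type": "UNMANAGED_WALLET"}).encode())
    return f"{header}.{payload}.{signature_b64}"

if __name__ == "__main__":
    for finding in triage_jwt(constructed_token("0" * 342)):
        print(finding)
```

An empty result only means the token is well-formed; the signature itself still has to be verified against the co-signer's public key.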