Add a test case to illustrate a256gcm decipher fail

[dmulder]

This is a real access token response from MS, using their oauth2 version 2 protocol and PRT version 3 request (and the encrypted token is no longer valid, as the enrolled object has been deleted).

• cargo fmt has been run
• cargo test has been run and passes
• documentation has been updated with relevant examples (if relevant)

[Firstyear]

I went through this test and the associated code and I don't see anything wrong in compact_jwt. We get the jwec with direct + aes256gcm, which you then correct attempt to deserialise with the direct key.

The decryption fails in the "decrypted.finalise" step which indicates that the authentication tag didn't match. The most likely explanation is that the aes key you are using isn't correct for the payload.

[dmulder]

I went through this test and the associated code and I don't see anything wrong in compact_jwt. We get the jwec with direct + aes256gcm, which you then correct attempt to deserialise with the direct key.

The decryption fails in the "decrypted.finalise" step which indicates that the authentication tag didn't match. The most likely explanation is that the aes key you are using isn't correct for the payload.

Ok, that was my belief as well after analyzing things. I just don't understand why this would have failed. Unless I'm formatting the public key incorrectly in the previous request (so it's encrypted using the wrong public key)? This could be. I've seen MS accept garbage before for the public key.

[Firstyear]

Yeah, it could be something like that. It's hard when you're trying to poke at a black box to work out what's going on :(