Fraunhofer-AISEC / ids-clearing-house-service

This is an implementation of the IDS Clearing House
Apache License 2.0

Error getting JWKSet from DAPS #23

Closed AnaCarolinaChaves closed 2 years ago

AnaCarolinaChaves commented 2 years ago

I'm using a local DAPS and the CH is trying to get the token from the wrong URL.

The correct URL would be http://<DAPS-NAME>/.well-known/oauth-authorization-server/auth . The one the CH is trying to connect with is http://<DAPS-NAME>/.well-known/jwks.json.

The Logging-service logs are:

[2022-06-15][15:21:12][core_lib::api::auth][DEBUG] ...no jwks cached
[2022-06-15][15:21:12][core_lib::api::client::daps_api][DEBUG] trying to get JWKSet from url: http://vcese19.inesctec.pt:4567/.well-known/jwks.json
[2022-06-15][15:21:12][hyper::client::connect::dns][DEBUG] resolving host="vcese19.inesctec.pt"
[2022-06-15][15:21:12][hyper::client::connect::http][DEBUG] connecting to 10.12.4.34:4567
[2022-06-15][15:21:12][tokio_reactor][DEBUG] adding I/O source: 0
[2022-06-15][15:21:12][tokio_reactor::registration][DEBUG] scheduling Write for: 0
[2022-06-15][15:21:12][hyper::client::connect::http][DEBUG] connected to Some(10.12.4.34:4567)
[2022-06-15][15:21:12][tokio_reactor::registration][DEBUG] scheduling Read for: 0
[2022-06-15][15:21:12][tokio_reactor::registration][DEBUG] scheduling Read for: 0
[2022-06-15][15:21:12][hyper::proto::h1::io][DEBUG] flushed 135 bytes
[2022-06-15][15:21:12][hyper::proto::h1::io][DEBUG] read 308 bytes
[2022-06-15][15:21:12][hyper::proto::h1::io][DEBUG] parsed 5 headers
[2022-06-15][15:21:12][hyper::proto::h1::conn][DEBUG] incoming body is content-length (153 bytes)
[2022-06-15][15:21:12][hyper::proto::h1::conn][DEBUG] incoming body completed
[2022-06-15][15:21:12][tokio_reactor::registration][DEBUG] scheduling Read for: 0
[2022-06-15][15:21:12][tokio_reactor::registration][DEBUG] scheduling Read for: 0
[2022-06-15][15:21:12][tokio_reactor::registration][DEBUG] scheduling Read for: 0
[2022-06-15][15:21:12][hyper::client::pool][DEBUG] pooling idle connection for "http://vcese19.inesctec.pt:4567"
[2022-06-15][15:21:12][reqwest::async_impl::response][DEBUG] Response: '404 Not Found' for http://vcese19.inesctec.pt:4567/.well-known/jwks.json
[2022-06-15][15:21:12][tokio_reactor::registration][DEBUG] scheduling Read for: 0
[2022-06-15][15:21:12][core_lib::api::client::daps_api][ERROR] error while parsing answer from server: Error("expected value", line: 1, column: 1)
[2022-06-15][15:21:12][tokio_reactor::registration][DEBUG] scheduling Read for: 0
[2022-06-15][15:21:12][core_lib::api::auth][ERROR] ... failed to get jwks from daps!
[2022-06-15][15:21:12][_][WARN] Request guard ApiKey < IdsClaims, Empty > is forwarding.
[2022-06-15][15:21:12][_][INFO] Outcome: Forward

On the Logging-system logs the URL appears on the Routes:

[2022-06-15][15:16:09][rocket::launch][INFO] 📬 Routes:
[2022-06-15][15:16:09][rocket::launch_][INFO] (get_public_sign_key) GET /.well-known/jwks.json application/json

Is there any way to override the URL?

kragall commented 2 years ago

Currently, there is no environment variable to override the URL.

This part of the URL is set by the internal constant DAPS_JWKS here. So you could change it there and rebuild the docker containers.

AnaCarolinaChaves commented 2 years ago

Thank you.

I was able to fix this issue by updating the DAPS proxy to redirect to the correct URL.
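
An added example, not part of this thread or of the project's code: one way the fixed JWKS path discussed above could be made overridable without letting the override move key fetching to another host, plus a status check so a 404 is not handed to the JSON parser as in the log. The function names, the `DAPS_JWKS_PATH` variable and the `daps.example` host are assumptions made for illustration.

```rust
const DEFAULT_JWKS_PATH: &str = ".well-known/jwks.json"; // path seen in the log above

#[derive(Debug, PartialEq)]
enum JwksError {
    BadBaseUrl,
    BadOverride,
    HttpStatus(u16),
    NotJson,
}

/// Build the JWKS URL from the DAPS base URL and an optional path override
/// (e.g. read from a hypothetical DAPS_JWKS_PATH environment variable).
fn jwks_url(base: &str, override_path: Option<&str>) -> Result<String, JwksError> {
    if !(base.starts_with("http://") || base.starts_with("https://")) {
        return Err(JwksError::BadBaseUrl);
    }
    let path = match override_path.map(str::trim) {
        Some(p) if !p.is_empty() => p,
        _ => DEFAULT_JWKS_PATH,
    };
    // The JWKS is the trust anchor for token validation: the override may
    // change the path only, never the host, so reject anything URL-like.
    let suspicious = path.contains("://") || path.starts_with("//")
        || path.contains("..") || path.contains('@')
        || path.chars().any(|c| c.is_whitespace() || c.is_control());
    if suspicious {
        return Err(JwksError::BadOverride);
    }
    Ok(format!("{}/{}", base.trim_end_matches('/'), path.trim_start_matches('/')))
}

/// Inspect the HTTP status before the body reaches the JSON parser, so a 404
/// is reported as a 404 instead of an "expected value" parse error.
fn check_jwks_response(status: u16, body: &str) -> Result<&str, JwksError> {
    if !(200..300).contains(&status) {
        return Err(JwksError::HttpStatus(status));
    }
    if !body.trim_start().starts_with('{') {
        return Err(JwksError::NotJson);
    }
    Ok(body)
}

fn main() {
    let base = "http://daps.example:4567"; // constructed host
    println!("{:?}", jwks_url(base, Some("/.well-known/oauth-authorization-server/auth")));
    println!("{:?}", jwks_url(base, Some("//other.example/jwks.json")));
    println!("{:?}", check_jwks_response(404, "<html>Not Found</html>"));
}
```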