Keats / jsonwebtoken

JWT lib in rust
MIT License

Getting error InvalidAudience when decoding token #344

Closed SamTV12345 closed 11 months ago

SamTV12345 commented 11 months ago

I have the problem that my Keycloak token isn't considered valid. The token looks like this:

{
  "exp": 1699276890,
  "iat": 1699276590,
  "auth_time": 1699276590,
  "jti": "ce0547a2-7f80-4db4-908d-dbb360432053",
  "iss": "http://192.168.2.33/realms/master",
  "aud": "podfetch",
  "sub": "2f80b74a-96c1-45bc-be0c-ecaefa7c123b",
  "typ": "ID",
  "azp": "podfetch",
  "session_state": "31fda340-0055-45d0-949d-50ce707fbabf",
  "at_hash": "j3xvmXKSwEcNpY0LcD8xtQ",
  "acr": "1",
  "sid": "31fda340-0055-45d0-949d-50ce707fbabf",
  "email_verified": false,
  "name": "admin admin",
  "preferred_username": "admin",
  "given_name": "admin",
  "family_name": "admin",
  "email": "admin@admin.com"
}

This is how I invoke the decode method:

        let jwk:Jwk = Jwk{
            common: CommonParameters{
                public_key_use: None,
                key_id: Some(unwrapped_response.kid.clone()),
                x509_url: None,
                x509_chain: None,
                x509_sha1_fingerprint: None,
                key_operations: None,
                key_algorithm: Some(KeyAlgorithm::RS256),
                x509_sha256_fingerprint: None,
            },
            algorithm: AlgorithmParameters::RSA(key_param),
        };
        let key = DecodingKey::from_jwk(&jwk).unwrap();
        let validation = Validation::new(Algorithm::RS256);

Decode returns an Error with InvalidAudience. I am wondering why this happens as this token is generated by Keycloak.

SamTV12345 commented 11 months ago

Found the error. It was because audience was not set on the validation object.
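The rule behind this error, as an added example that is not code from the issue or from the jsonwebtoken crate: a std-only Rust model in which a token carrying `aud` is rejected unless the verifier was told which audience to expect. `TokenAud`, `AudPolicy`, `AudError` and `check_audience` are hypothetical names; in the crate itself the expected audience is supplied with `Validation::set_audience`.

```rust
use std::collections::HashSet;

/// `aud` is a single string or an array of strings (RFC 7519, section 4.1.3).
pub enum TokenAud {
    Absent,
    Single(String),
    Multiple(Vec<String>),
}

#[derive(Debug, PartialEq)]
pub enum AudError {
    InvalidAudience,
}

/// Hypothetical verifier settings. `expected: None` models a validation
/// object on which no audience was set, as in the issue above.
pub struct AudPolicy {
    pub validate_aud: bool,
    pub expected: Option<HashSet<String>>,
}

impl AudPolicy {
    pub fn expecting(auds: &[&str]) -> Self {
        let expected = auds.iter().map(|a| a.to_string()).collect();
        AudPolicy { validate_aud: true, expected: Some(expected) }
    }
}

pub fn check_audience(token: &TokenAud, policy: &AudPolicy) -> Result<(), AudError> {
    if !policy.validate_aud {
        return Ok(()); // check disabled: a token minted for any client passes
    }
    match (token, &policy.expected) {
        // The token names an audience but the verifier never said who it is.
        (TokenAud::Single(_) | TokenAud::Multiple(_), None) => Err(AudError::InvalidAudience),
        (TokenAud::Single(a), Some(exp)) if exp.contains(a) => Ok(()),
        (TokenAud::Multiple(v), Some(exp)) if v.iter().any(|a| exp.contains(a)) => Ok(()),
        (TokenAud::Absent, None) => Ok(()),
        // Assumption of this model: wrong or missing `aud` fails closed.
        _ => Err(AudError::InvalidAudience),
    }
}

fn main() {
    // Constructed input: the `aud` value of the ID token quoted in the issue.
    let token = TokenAud::Single("podfetch".to_string());
    let unset = AudPolicy { validate_aud: true, expected: None };
    println!("audience unset: {:?}", check_audience(&token, &unset));
    println!("audience set:   {:?}", check_audience(&token, &AudPolicy::expecting(&["podfetch"])));
}
```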