antarctica / flask-azure-oauth

Python Flask extension for securing apps with Azure Active Directory OAuth
https://pypi.org/project/flask-azure-oauth/
MIT License

Untrusted token JWK #27

Open ingesa-mel opened 1 year ago

ingesa-mel commented 1 year ago

I get this error when trying to authenticate my access-token.

{"errors": [{"status": 401, "title": "Untrusted token JWK", "detail": "The JSON Web Key (JWK) identified by the 'kid' (Key ID) field in the token header, does not correspond to one of the JWKs in the JSON Web Key Set (JWKS) trusted by this API. Ensure you are using the correct 'kid' and try again, or contact support."}]}

Question: How can I ensure to be using the correct 'kid'?

My use case: I am coming from a Vue frontend application with an access token and need to verify that token in Flask in order to access protected resources. Both my frontend and backend applications are registered as Azure AD B2C applications.

I've implemented the library just as in the minimal example provided. I am setting AZURE_B2C_TENANT_MODE = 'true' and also specifying AZURE_TENANT_NAME and AZURE_B2C_REGISTERLOGIN_USERFLOW_NAME.

Could this be a problem with my Azure setup (I am fairly new to Azure AD B2C)? However, I am not sure how I could misspecify the 'kid', since it is not part of the library configuration.

Thankful for any kind of advice.

ayancey commented 1 year ago

I'm getting this error now, too. The problem I had was that the Flask app was running for so long that the JSON web keys were rotated, and the module doesn't seem to refresh the keys after initialization. Solution for me was to restart the flask app on a schedule.