auth0 / node-jwks-rsa

A library to retrieve RSA public keys from a JWKS (JSON Web Key Set) endpoint.
MIT License

Http Error 400 on GetSigningKey #307

Closed alexlindsay closed 2 years ago

alexlindsay commented 2 years ago

Hi there - I have two JWT flows I'm validating with node-jwks-rsa. One goes through fine, while the other throws this error when the jwks client calls getSigningKey. When I inspect the JSONs at both the jwks uri locations they have the same format and properties. Both have KIDs that match what is located at the jwks uris with what is encoded in the tokens, the only difference I see between the two jwks json objects is one has a space between property name and semi-colon whereas the other doesn't. I'm wondering what would cause the client to throw the error here for 1 token versus the other?

Error tracing below shows it's a call with the jwksClient.getKeys() method.

Jwks client set up with:

```js
const client = jwksClient({
  jwksUri: <jwks_uri_value>,
});
```

and throws the error when calling getSigningKey with a valid KeyID:

```js
client.getSigningKey(keyId, function(err, key) {

})
```

```
JwksError: Http Error 400
    at JwksClient.getKeys (/var/task/lambda-breach-search/node_modules/jwks-rsa/src/JwksClient.js:48:25)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async JwksClient.getSigningKeys (/var/task/lambda-breach-search/node_modules/jwks-rsa/src/JwksClient.js:53:18)
    at async JwksClient.getSigningKey (/var/task/lambda-breach-search/node_modules/jwks-rsa/src/JwksClient.js:71:18)
```

adamjmcgrath commented 2 years ago

Hi @alexlindsay

That error tells me that you're getting a 400 back from your jwksUri endpoint. Could you tell me what value you're providing for jwksUri?

alexlindsay commented 2 years ago

Was able to get the data I needed just fetching from the jwks uri and then using jwktopem package instead.
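
The workaround described in the comment above, as an added example that is not code from this thread or from jwks-rsa: fetch the JWKS directly so the endpoint's status and body are visible, select the key by `kid`, and convert it to PEM. It assumes Node 18+ (global `fetch`) and uses Node's built-in `crypto` in place of the jwktopem package; the function names and the `sample-kid` key are hypothetical.

```javascript
// Added example; names are hypothetical and the sample key/token are constructed.
const crypto = require("node:crypto");

// Fetch the JWKS directly so a non-2xx status (such as the 400 above) is
// reported together with the response body the endpoint sent back.
async function fetchJwks(jwksUri) {
  const res = await fetch(jwksUri, { headers: { accept: "application/json" } });
  const body = await res.text();
  if (!res.ok) {
    throw new Error(`JWKS endpoint returned ${res.status}: ${body.slice(0, 200)}`);
  }
  return JSON.parse(body);
}

// Pick the RSA signing key for `kid` and return it as an SPKI PEM string.
function signingKeyPem(jwks, kid) {
  if (!jwks || !Array.isArray(jwks.keys)) throw new Error("not a JWKS: missing keys array");
  const jwk = jwks.keys.find(
    (k) => k.kid === kid && k.kty === "RSA" && (k.use === undefined || k.use === "sig")
  );
  if (!jwk) throw new Error(`no RSA signing key with kid ${kid}`);
  return crypto.createPublicKey({ key: jwk, format: "jwk" }).export({ type: "spki", format: "pem" });
}

// Verify the RS256 signature of a compact JWT against the key its header names.
function verifyRs256(token, jwks) {
  const [h, p, s] = token.split(".");
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  if (header.alg !== "RS256") throw new Error(`unexpected alg ${header.alg}`);
  const pem = signingKeyPem(jwks, header.kid);
  return crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), pem, Buffer.from(s, "base64url"));
}

// Constructed sample: a throwaway key pair, its JWKS, and a token signed with it.
function buildSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "sample-kid", use: "sig" }] };
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const input = `${enc({ alg: "RS256", typ: "JWT", kid: "sample-kid" })}.${enc({ sub: "demo" })}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url");
  return { jwks, token: `${input}.${sig}` };
}
```

`verifyRs256` checks only the signature; claims such as `exp`, `iss` and `aud` still need to be validated before the token is trusted.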

ThasianX commented 2 years ago

I am having this exact same issue. The uri I'm passing in for my jwks is completely valid, following the express example.