Closed Eweol closed 1 year ago
I ran across this with a different application recently. The solution for me was to set a Signing Key in the OAuth2 Provider settings, as one was not set by default:
The proxy outpost used to use an RSA key to sign the JWTs, but that was changed a while ago since authentik currently doesn't have a way to seamlessly rotate certificates, so when the JWT certificate would expire, it would cause issues.
Hence the current JWT is signed via HS256.
The PR above fixes the issuer URL and JWKS URL for the embedded outpost.
In the future we'll add a way to have certificate successors to allow this certificate change more seamlessly, and then the providers' JWTs will be signed with RS256 again.
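Why a JWKS URL can legitimately return nothing for an HS256-signed token, as an added example (not code from authentik or n8n): HS256 uses a single shared secret, so there is no public key to publish. The secret, issuer URL and function names below are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_hs256_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 JWT (sample input only)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url(json.dumps(header).encode()) + "."
                     + b64url(json.dumps(claims).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def diagnose(token: str, jwks: dict) -> str:
    """Explain whether a JWKS document can be used to verify this token."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    alg = header.get("alg", "")
    keys = jwks.get("keys", [])
    if alg.startswith("HS"):
        # HMAC algorithms sign and verify with the same secret; publishing it
        # in a JWKS would let anyone forge tokens, so the key set stays empty.
        return "symmetric: verify with shared secret, JWKS not applicable"
    if not keys:
        return "asymmetric but JWKS empty: no public key published"
    kid = header.get("kid")
    if kid is not None and not any(k.get("kid") == kid for k in keys):
        return "asymmetric: no JWKS key matches the token's kid"
    return "asymmetric: JWKS has a candidate key"

def verify_hs256(token: str, secret: bytes) -> bool:
    """Verify an HS256 signature with the shared secret (constant-time compare)."""
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))

# Constructed sample data, not values from authentik or n8n.
SECRET = b"constructed-shared-secret"
TOKEN = make_hs256_token({"iss": "https://auth.example.test/", "sub": "user"}, SECRET)
EMPTY_JWKS = {}  # stands in for the "empty JSON" the JWKS URL returned

if __name__ == "__main__":
    print(diagnose(TOKEN, EMPTY_JWKS))
    print(verify_hs256(TOKEN, SECRET))
```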
I ran across this with a different application recently. The solution for me was to set a Signing Key in the OAuth2 Provider settings, as one was not set by default:
Hi @EHLO1,
Yes, with the OIDC Provider I had the same issue and fixed it like you, but in this case I don't use the OIDC Provider, I use the Forward Auth Proxy Provider. This does not support a Signing Key like that.
Describe your question/
Hey guys,
Thank you very much for this beautiful piece of code. This helps me very much in a lot of cases.
I am struggling with one application within my cluster.
For N8N, I use Authentik as a Single Application forward auth proxy. My Traefik is configured in the right way to provide the related headers. N8N accepts a JWT and a JWKS URL provided by headers. After my configuration I tried it, but it fails with the error message: "JWKS URL dont provide data". After trying on my own, I saw it's right: the JWKS-URL only provides an empty JSON.
Is this the expected behavior? Why is a JWKS-URL then provided via header? Is there a possibility to provide JWKS?
Relevant infos
N8N configuration -> https://docs.n8n.io/hosting/environment-variables/#security
N8N version -> 0.194.0
Version and Deployment (please complete the following information):