ory / oathkeeper

A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
https://www.ory.sh/?utm_source=github&utm_medium=banner&utm_campaign=hydra
Apache License 2.0

None of the provided URLs returned a valid JSON Web Key Set #1151

Open adriano-di-giovanni opened 9 months ago

adriano-di-giovanni commented 9 months ago

Preflight checklist

Ory Network Project

No response

Describe the bug

Ory Oathkeeper cannot recognize the credentials generated via the Ory Oathkeeper CLI.

Reproducing the bug

In a terminal session

git clone https://github.com/adriano-di-giovanni/oathkeeper-jwks-issue
cd oathkeeper-jwks-issue
docker compose up

In another terminal session

curl http://localhost:4456/.well-known/jwks.json

Relevant log output

2024-02-29 10:45:49 oathkeeper-1  | time=2024-02-29T09:45:49Z level=info msg=started handling request http_request=map[headers:map[accept:*/* user-agent:curl/8.4.0] host:localhost:4456 method:GET path:/.well-known/jwks.json query:<nil> remote:192.168.65.1:61799 scheme:http]
2024-02-29 10:45:49 oathkeeper-1  | time=2024-02-29T09:45:49Z level=error msg=An error occurred while handling a request audience=application error=map[debug: message:An internal server error occurred, please contact the system administrator reason:None of the provided URLs returned a valid JSON Web Key Set. status:Internal Server Error status_code:500] http_request=map[headers:map[accept:*/* user-agent:curl/8.4.0] host:localhost:4456 method:GET path:/.well-known/jwks.json query:<nil> remote:192.168.65.1:61799 scheme:http] http_response=map[status_code:500] service_name=ORY Oathkeeper service_version=v0.40.6
2024-02-29 10:45:49 oathkeeper-1  | time=2024-02-29T09:45:49Z level=info msg=completed handling request http_request=map[headers:map[accept:*/* user-agent:curl/8.4.0] host:localhost:4456 method:GET path:/.well-known/jwks.json query:<nil> remote:192.168.65.1:61799 scheme:http] http_response=map[headers:map[content-type:application/json] size:215 status:500 text_status:Internal Server Error took:1.366ms]

Relevant configuration

authenticators:
  jwt:
    config:
      jwks_urls:
        - file://etc/config/oathkeeper/jwks.json
    enabled: true

Version

0.40.6

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

Docker Compose

Additional Context

The credentials were created by issuing the command docker run -it --rm oryd/oathkeeper:v0.40 credentials generate --alg RS256 > docker/oathkeeper/jwks.json

adriano-di-giovanni commented 9 months ago

I've also attempted to use the keys generated with different algorithms on mkjwk.org.
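A check worth running against the `jwks_urls` entry and key file from this report, as an added example (not code from the issue or from Oathkeeper): it shows how Go's `net/url` splits the configured `file://` URL into host and path, and whether a document decodes as a non-empty key set. The three-slash URL and the sample key set are constructed for comparison, and whether a given loader opens only the URL path is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// fileURLPath returns the path net/url extracts from a file:// URL; a non-empty host is an error.
func fileURLPath(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "file" {
		return "", fmt.Errorf("not a parseable file URL: %q", raw)
	}
	if u.Host != "" {
		return u.Path, fmt.Errorf("%q parsed as host, path is %q", u.Host, u.Path)
	}
	return u.Path, nil
}

// countKeys decodes a JWKS document; an empty set or a key without "kty" is an error.
func countKeys(doc []byte) (int, error) {
	var set struct {
		Keys []struct {
			Kty string `json:"kty"`
		} `json:"keys"`
	}
	if err := json.Unmarshal(doc, &set); err != nil {
		return 0, err
	}
	if len(set.Keys) == 0 {
		return 0, fmt.Errorf("no keys in set")
	}
	for i, k := range set.Keys {
		if k.Kty == "" {
			return 0, fmt.Errorf("key %d has no kty", i)
		}
	}
	return len(set.Keys), nil
}

func main() {
	// First URL is the one from the issue; the second is a constructed comparison.
	for _, raw := range []string{"file://etc/config/oathkeeper/jwks.json", "file:///etc/config/oathkeeper/jwks.json"} {
		p, err := fileURLPath(raw)
		fmt.Printf("%s -> path=%q err=%v\n", raw, p, err)
	}
	// Constructed sample key set, not the reporter's file.
	fmt.Println(countKeys([]byte(`{"keys":[{"kty":"RSA","kid":"constructed"}]}`)))
}
```

To check the generated file itself, pass the bytes of `docker/oathkeeper/jwks.json` to `countKeys`.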