thephpleague / oauth2-server-bundle

Symfony bundle for the OAuth2 Server.
MIT License

Uncaught PHP Exception Defuse\Crypto\Exception\BadFormatException: "Encoding::hexToBin() input is not a hex string." #181

Closed barbhackk closed 4 months ago

barbhackk commented 4 months ago

Hello everyone,

I have a problem with OAuth Server bundle on Symfony. In development mode it works perfectly but on my server I have an error:

{
    "class": "Defuse\\Crypto\\Exception\\BadFormatException",
    "message": "Encoding::hexToBin() input is not a hex string.",
    "code": 0,
    "file": "/html/vendor/defuse/php-encryption/src/Encoding.php:66",
    "trace": [
        "/html/vendor/defuse/php-encryption/src/Encoding.php:229",
        "/html/vendor/defuse/php-encryption/src/Key.php:53",
        "/html/var/cache/prod/ContainerPqse2WM/getLeague_Oauth2Server_AuthorizationServerService.php:42",
        "/html/var/cache/prod/ContainerPqse2WM/App_KernelProdContainer.php:163",
        "/html/var/cache/prod/ContainerPqse2WM/getLeague_Oauth2Server_Controller_AuthorizationService.php:23",
        "/html/var/cache/prod/ContainerPqse2WM/App_KernelProdContainer.php:163",
        "/html/vendor/symfony/dependency-injection/Container.php:229",
        "/html/vendor/symfony/dependency-injection/Container.php:211",
        "/html/vendor/symfony/http-kernel/Controller/ContainerControllerResolver.php:40",
        "/html/vendor/symfony/framework-bundle/Controller/ControllerResolver.php:26",
        "/html/vendor/symfony/http-kernel/Controller/ControllerResolver.php:66",
        "/html/vendor/symfony/http-kernel/HttpKernel.php:164",
        "/html/vendor/symfony/http-kernel/HttpKernel.php:76",
        "/html/vendor/symfony/http-kernel/Kernel.php:197",
        "/html/vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php:35",
        "/html/vendor/autoload_runtime.php:29",
        "/html/public/index.php:5"
    ]
}

I think it's a problem with encryption_key_type: defuse, but I don't understand why it works in dev on my MacBook Pro and doesn't work on my server with Docker and a container with PHP-FPM Alpine.

Here is my config:

league_oauth2_server:
    authorization_server:

        # Full path to the private key file.
        private_key: '%env(resolve:OAUTH_PRIVATE_KEY)%'

        # Passphrase of the private key, if any
        private_key_passphrase: '%env(resolve:OAUTH_PASSPHRASE)%'

        # The plain string or the ascii safe string used to create a Defuse\Crypto\Key to be used as an encryption key.
        # How to generate an encryption key: https://oauth2.thephpleague.com/installation/#string-password
        encryption_key: '%env(resolve:OAUTH_ENCRYPTION_KEY)%'

        # The type of value of 'encryption_key'
        encryption_key_type:  defuse # One of "plain"; "defuse"

        # How long the issued access token should be valid for.
        # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
        access_token_ttl:     PT1H

        # How long the issued refresh token should be valid for.
        # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
        refresh_token_ttl:    P1Y

        # How long the issued auth code should be valid for.
        # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
        auth_code_ttl:        PT10M

        # Whether to enable the client credentials grant
        enable_client_credentials_grant: true

        # Whether to enable the password grant
        enable_password_grant: true

        # Whether to enable the refresh token grant
        enable_refresh_token_grant: true

        # Whether to enable the authorization code grant
        enable_auth_code_grant: true

        # Whether to require code challenge for public clients for the auth code grant
        require_code_challenge_for_public_clients: true

        # Whether to enable access token saving to persistence layer (default to true)
        persist_access_token: true

    resource_server:

        # Full path to the public key file
        public_key: '%env(resolve:OAUTH_PUBLIC_KEY)%'

    scopes:

        # Scopes that you wish to utilize in your application.
        # This should be a simple array of strings.
        available:               ['read_email']

        # Scopes that will be assigned when no scope given.
        # This should be a simple array of strings.
        default:                 ['read_email']

    # Configures different persistence methods that can be used by the bundle for saving client and token data.
    # Only one persistence method can be configured at a time.
    persistence:
        doctrine:

            # Name of the entity manager that you wish to use for managing clients and tokens.
            entity_manager:       default

    # Set a custom prefix that replaces the default 'ROLE_OAUTH2_' role prefix
    role_prefix:          ROLE_OAUTH2_

    client:
        # Set a custom client class. Must be a League\Bundle\OAuth2ServerBundle\Model\Client
        classname:        League\Bundle\OAuth2ServerBundle\Model\Client
when@test:
    league_oauth2_server:
        persistence:
            in_memory: null

Thanks for your help,

Sebastien

barbhackk commented 4 months ago

If I set encryption_key_type: plain it works perfectly... I don't understand!

barbhackk commented 4 months ago

Hi,

Sorry, I'm a noob in OAuth Server and I just saw in https://oauth2.thephpleague.com/installation/ the generation of the encryption key with this command: vendor/bin/generate-defuse-key.

Sorry for the inconvenience.

I close this issue.

Thanks.
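
The resolution above, as an added example that is not part of the original thread or the bundle's code: a pre-deployment check that passes a candidate value through the library's Key::loadFromAsciiSafeString(), so a value that is not a generated Defuse key is caught before the container builds the authorization server. The function name defuseKeyError and the sample values are constructed for illustration; OAUTH_ENCRYPTION_KEY is the variable from the config above, and the script assumes it sits in the project root next to vendor/.

```php
<?php
declare(strict_types=1);

// Added example (not bundle code). Assumes it is saved in the project root,
// next to vendor/, in an app that has defuse/php-encryption installed.
require __DIR__ . '/vendor/autoload.php';

use Defuse\Crypto\Exception\BadFormatException;
use Defuse\Crypto\Key;

/** Returns null if $value loads as a Defuse key, else the library's error message. */
function defuseKeyError(string $value): ?string
{
    try {
        Key::loadFromAsciiSafeString($value);
        return null;
    } catch (BadFormatException $e) {
        return $e->getMessage();
    }
}

// Constructed sample inputs, generated here; none of them is a real secret.
$samples = [
    'generated Defuse key' => Key::createNewRandomKey()->saveToAsciiSafeString(),
    'plain passphrase'     => 'constructed-sample-passphrase',
    'truncated Defuse key' => substr(Key::createNewRandomKey()->saveToAsciiSafeString(), 0, 40),
];
foreach ($samples as $label => $value) {
    $error = defuseKeyError($value);
    printf("%-22s %s\n", $label . ':', $error ?? 'OK for encryption_key_type: defuse');
}

// Check the value in this process's environment (run it inside the container
// that serves the app). Only the length is printed, never the key itself.
$configured = getenv('OAUTH_ENCRYPTION_KEY');
if ($configured === false) {
    fwrite(STDERR, "OAUTH_ENCRYPTION_KEY is not set in this process environment\n");
    exit(2);
}
$error = defuseKeyError($configured);
if ($error !== null) {
    fwrite(STDERR, sprintf("OAUTH_ENCRYPTION_KEY (%d chars) is not a Defuse key: %s\n", strlen($configured), $error));
    exit(1);
}
echo "OAUTH_ENCRYPTION_KEY loads as a Defuse key\n";
```

A non-zero exit status makes the script usable as a gate in a container entrypoint or CI step when encryption_key_type is set to defuse.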