Issue trying to get JWK using JwksClient #263

Closed
nkshah2 opened this issue Sep 18, 2021 · 4 comments

nkshah2 commented Sep 18, 2021

Describe the problem

Our JWK provider issues JWKs with the following format

{
    keys: [
        {
            kty: 'RSA',
            kid: 'string',
            n: 'string',
            e: 'string',
            alg: 'RS256',
            use: 'sig'
        }
    ]
}

which is a valid JWK (I'm not too familiar with different formats, so correct me if I'm wrong here). When trying to verify a JWT using the JwksClient, the package throws (paths are stripped)

JwksError: The JWKS endpoint did not contain any signing keys
    at JwksClient.getSigningKeys (/node_modules/jwks-rsa/src/JwksClient.js:64:13)
    at processTicksAndRejections (/process/task_queues.js:95:5)
    at async JwksClient.getSigningKey (/node_modules/jwks-rsa/src/JwksClient.js:73:18)

The JSON response did contain an array with a key inside it.

What was the expected behavior?

The provided JWK should be considered valid and the package should not throw an error.

Reproduction

Unfortunately I can't share my code since it's an organisation project. I'm also not too sure how to go about reproducing it in a sample project, but I suppose if you have an endpoint that is serving a JSON with the format mentioned above, the following code snippet can be used to reproduce it

let jwt = "somejwt"
let JWKSRSA = require("jwks-rsa");

let client  = new JWKSRSA.JwksClient({
    jwksUri: `https://someapi/jwks.json`,
})

await client.getSigningKey(jwt)

Environment

  • Version of this library used: 2.0.4
  • Which framework are you using, if applicable: NodeJS
  • Other modules/plugins/libraries that might be involved: --
  • Any other relevant information you think would be useful: --
@adamjmcgrath
Contributor

Hi @nkshah2 - thanks for raising this

getSigningKey takes a kid (Key ID), so you need to pass it the kid claim from the header of your JWT rather than the whole JWT itself.

@adamjmcgrath
Contributor

JwksError: The JWKS endpoint did not contain any signing keys

Also, could you share your jwks.json endpoint (e.g. https://brucke.auth0.com/.well-known/jwks.json)? They're public keys, so it should be publicly available.

@nkshah2
Author

nkshah2 commented Oct 6, 2021

Hi, I should've updated this earlier. Turns out in some cases the kty in the public key was "rsa" and not "RSA" which caused the logic to filter keys to return an empty array. After getting that fixed everything is working fine.

Thanks anyway!
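
The two points from this thread, as an added example that is not part of the original issue or of the jwks-rsa code base: read the `kid` from the JWT header instead of passing the whole token, and lint a JWKS for entries a strict signing-key filter would drop. The helper names `kidFromJwt` and `lintJwks`, the filter rules, and the sample data are assumptions made for illustration.

```javascript
// Added example; helper names and sample data are constructed, not from jwks-rsa.

// Base64url-encode a JSON object (used only to build the sample token).
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

// Read the kid from the JWT header without verifying the token. The header is
// untrusted input: use it only to look up a key, never as proof of anything.
function kidFromJwt(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS: expected 3 segments');
  // Node's 'base64' decoder also accepts the URL-safe alphabet.
  const header = JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8'));
  if (typeof header.kid !== 'string' || header.kid === '') throw new Error('JWT header has no kid');
  return header.kid;
}

// Report why each JWKS entry would be rejected by a strict signing-key filter
// (assumed here: kty === 'RSA', use === 'sig' or absent, n and e present).
function lintJwks(jwks) {
  const findings = [];
  for (const [i, k] of (jwks.keys || []).entries()) {
    const id = k.kid || `#${i}`;
    if (k.kty !== 'RSA') {
      // RFC 7517 defines kty values as case-sensitive, so "rsa" is not "RSA".
      const hint = String(k.kty).toUpperCase() === 'RSA' ? ' (case mismatch; kty is case-sensitive)' : '';
      findings.push(`${id}: kty is ${JSON.stringify(k.kty)}, expected "RSA"${hint}`);
    }
    if (k.use !== undefined && k.use !== 'sig') findings.push(`${id}: use is ${JSON.stringify(k.use)}, expected "sig"`);
    if (!k.n || !k.e) findings.push(`${id}: missing RSA parameter n or e`);
  }
  return findings;
}

// Constructed sample data: a JWKS containing the lowercase kty described in the
// thread, and an unsigned token whose header names that key.
const sampleJwks = { keys: [
  { kty: 'rsa', kid: 'key-1', n: 'AQAB', e: 'AQAB', alg: 'RS256', use: 'sig' },
  { kty: 'RSA', kid: 'key-2', n: 'AQAB', e: 'AQAB', alg: 'RS256', use: 'sig' },
] };
const sampleJwt = `${b64url({ alg: 'RS256', typ: 'JWT', kid: 'key-1' })}.${b64url({ sub: 'demo' })}.c2ln`;

console.log(kidFromJwt(sampleJwt));
console.log(lintJwks(sampleJwks));
```

In real use, the value returned by `kidFromJwt(token)` is what gets passed to `client.getSigningKey(...)`, and the token's signature is then verified with the key that call returns.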

@adamjmcgrath
Contributor

Great - thanks for letting me know @nkshah2!
