I have upgraded from 12.0.3 to 16.0.1.
```ts
this.oidcSecurityService
  .checkAuth()
  .subscribe(({ isAuthenticated }) => {
    console.log('app authenticated', isAuthenticated);
  });
```
In version 12.0.3, isAuthenticated returns "true" and I have no problem logging in.
But after I upgraded to 16.0.1, the exact same value of the JWK URI is returned.
It's complaining that the JWK "alg" member was inconsistent.
Steps to reproduce the behavior
I am using code flow with http config. At first, all the configuration is loaded.
Here is the authWellKnownEndpoints:
```json
"authWellknownEndpointUrl": "https://../oidc-discovery/v1",
"authWellknownEndpoints": {
  "issuer": "https://.../sso/oauth2/realms/root/realms/idaaspstoidc",
  "jwksUri": "https://.../oidc/connect/jwk_uri",
  "authorizationEndpoint": "https://.../oidc/authorize",
  "tokenEndpoint": "https://.../oidc/access_token",
  "userInfoEndpoint": "https://.../oidc/userinfo",
  "endSessionEndpoint": "https://.../oidc/connect/endSession",
  "checkSessionIframe": "https://.../oidc/connect/checkSession",
  "revocationEndpoint": "https://.../oidc/token/revoke",
  "introspectionEndpoint": "https://.../oidc/introspect"
}
```
After oidcSecurityService.checkAuth(), it returns the error saying "JWK "alg" member was inconsistent".
I have seen that the login process succeeds and it returns the access token as well.
The AuthCallback created, begin token validation…
After that, Getting signinkeys from jwk_uri
Then it fails in SigninKeyDataService.getSigningKeys
A clear and concise description of what you expected to happen.
It seems like the issue is happening when getting the signing keys in the following code:
```js
import { HttpResponse } from '@angular/common/http';
import { throwError } from 'rxjs';
import { catchError, retry } from 'rxjs/operators';

class SigninKeyDataService {
  constructor(storagePersistenceService, loggerService, dataService) {
    this.storagePersistenceService = storagePersistenceService;
    this.loggerService = loggerService;
    this.dataService = dataService;
  }

  // Fetches the JWKS document from the jwksUri stored with the well-known endpoints.
  getSigningKeys(currentConfiguration) {
    const authWellKnownEndPoints = this.storagePersistenceService.read('authWellKnownEndPoints', currentConfiguration);
    const jwksUri = authWellKnownEndPoints?.jwksUri;
    if (!jwksUri) {
      const error = `getSigningKeys: authWellKnownEndpoints.jwksUri is: '${jwksUri}'`;
      this.loggerService.logWarning(currentConfiguration, error);
      return throwError(() => new Error(error));
    }
    this.loggerService.logDebug(currentConfiguration, 'Getting signinkeys from ', jwksUri);
    // Retry the request twice before handing the failure to the error handler.
    return this.dataService
      .get(jwksUri, currentConfiguration)
      .pipe(retry(2), catchError((e) => this.handleErrorGetSigningKeys(e, currentConfiguration)));
  }

  // Builds a log message from the failed response and rethrows it as an Error.
  handleErrorGetSigningKeys(errorResponse, currentConfiguration) {
    let errMsg = '';
    if (errorResponse instanceof HttpResponse) {
      const body = errorResponse.body || {};
      const err = JSON.stringify(body);
      const { status, statusText } = errorResponse;
      errMsg = `${status || ''} - ${statusText || ''} ${err || ''}`;
    } else {
      const { message } = errorResponse;
      errMsg = !!message ? message : `${errorResponse}`;
    }
    this.loggerService.logError(currentConfiguration, errMsg);
    return throwError(() => new Error(errMsg));
  }
}
```
Additional context
I am stuck in my upgrade process, please let me know if I can bypass the validation or skip the sign in key data service. I would really appreciate it if someone can help me on this issue. Thank you in advance.
Version
16.0.1
Please provide a link to a minimal reproduction of the bug
Here is the https://.../oidc/connect/jwk_uri:

```json
{
  "keys": [
    {
      "kty": "EC",
      "kid": "…",
      "use": "sig",
      "x5t": "…",
      "x5c": [
        "…"
      ],
      "x": "…",
      "y": "…",
      "crv": "P-256",
      "alg": "ES256"
    },
    {
      "kty": "RSA",
      "kid": "…",
      "use": "enc",
      "x5t": "…",
      "x5c": [
        "…"
      ],
      "n": "…",
      "e": "AQAB",
      "alg": "RSA-OAEP"
    },
    {
      "kty": "RSA",
      "kid": "…",
      "use": "enc",
      "x5t": "…",
      "x5c": [
        "…"
      ],
      "n": "…",
      "e": "AQAB",
      "alg": "RSA-OAEP-256"
    },
    {
      "kty": "RSA",
      "kid": "…",
      "use": "sig",
      "x5t": "…",
      "x5c": [
        "…"
      ],
      "n": "…",
      "e": "AQAB",
      "alg": "RS512"
    },
    {
      "kty": "RSA",
      "kid": "…",
      "use": "enc",
      "x5t": "…",
      "x5c": [
        ".."
      ],
      "n": "…",
      "e": "AQAB",
      "alg": "RSA1_5"
    },
    {
      "kty": "EC",
      "kid": "…",
      "use": "sig",
      "x5t": "…",
      "x5c": [
        "…"
      ],
      "x": "…",
      "y": "…",
      "crv": "P-384",
      "alg": "ES384"
    },
    {
      "kty": "RSA",
      "kid": "…",
      "use": "sig",
      "x5t": "…",
      "x5c": [
        "…"
      ],
      "n": "…",
      "e": "AQAB",
      "alg": "PS256"
    },
    {
      "kty": "RSA",
      "kid": "…",
      "use": "sig",
      "x5t": "…",
      "x5c": [
        "…"
      ],
      "n": "…",
      "e": "AQAB",
      "alg": "RS256"
    },
    {
      "kty": "EC",
      "kid": "…",
      "use": "sig",
      "x5t": "…",
      "x5c": [
        "…"
      ],
      "x": "…",
      "y": "…",
      "crv": "P-521",
      "alg": "ES512"
    },
    {
      "kty": "RSA",
      "kid": "…",
      "use": "sig",
      "x5t": "…",
      "x5c": [
        "…"
      ],
      "n": "…",
      "e": "AQAB",
      "alg": "PS512"
    },
    {
      "kty": "RSA",
      "kid": "…",
      "use": "sig",
      "x5t": "…",
      "x5c": [
        "…"
      ],
      "n": "s…",
      "e": "AQAB",
      "alg": "PS384"
    },
    {
      "kty": "RSA",
      "kid": "…",
      "use": "sig",
      "x5t": "…",
      "x5c": [
        "…"
      ],
      "n": "…",
      "e": "AQAB",
      "alg": "RS384"
    }
  ]
}
```
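The error text reported above is consistent with the message Chromium's Web Crypto `importKey` raises when a JWK's `alg` member disagrees with the algorithm the caller requests. As an added example (not code from angular-auth-oidc-client or from this issue), the sketch below picks a verification key from a mixed JWKS like the one posted, using the ID token header's `alg` and `kid`, and contrasts it with a selector that matches on `kty` alone; the sample JWKS, the `kid` values and the function names are constructed for illustration.

```javascript
// JWS "alg" -> key type and Web Crypto parameters (RFC 7518).
const rsa = (name, hash) => ({ kty: 'RSA', name, hash });
const ec = (namedCurve, hash) => ({ kty: 'EC', name: 'ECDSA', namedCurve, hash });
const WEBCRYPTO_PARAMS = {
  RS256: rsa('RSASSA-PKCS1-v1_5', 'SHA-256'), RS384: rsa('RSASSA-PKCS1-v1_5', 'SHA-384'),
  RS512: rsa('RSASSA-PKCS1-v1_5', 'SHA-512'), PS256: rsa('RSA-PSS', 'SHA-256'),
  PS384: rsa('RSA-PSS', 'SHA-384'), PS512: rsa('RSA-PSS', 'SHA-512'),
  ES256: ec('P-256', 'SHA-256'), ES384: ec('P-384', 'SHA-384'), ES512: ec('P-521', 'SHA-512'),
};

// Constructed JWKS with the same mix of "use"/"alg" values as the posted one.
// Key material is omitted and the kid values are made up.
const SAMPLE_JWKS = { keys: [
  { kty: 'EC', kid: 'k-es256', use: 'sig', crv: 'P-256', alg: 'ES256' },
  { kty: 'RSA', kid: 'k-oaep', use: 'enc', alg: 'RSA-OAEP' },
  { kty: 'RSA', kid: 'k-rs512', use: 'sig', alg: 'RS512' },
  { kty: 'RSA', kid: 'k-ps256', use: 'sig', alg: 'PS256' },
  { kty: 'RSA', kid: 'k-rs256', use: 'sig', alg: 'RS256' },
] };

// Returns the single JWK that may verify a token with this header, plus the
// algorithm object to pass to crypto.subtle.importKey('jwk', jwk, algorithm, ...).
function selectVerificationKey(jwks, header) {
  const p = WEBCRYPTO_PARAMS[header.alg];
  if (!p) throw new Error(`unsupported alg: ${header.alg}`); // also rejects "none"
  const candidates = jwks.keys.filter((k) =>
    k.kty === p.kty &&
    (k.use === undefined || k.use === 'sig') &&       // never verify with an "enc" key
    (k.alg === undefined || k.alg === header.alg) &&  // JWK alg must agree with the token
    (p.namedCurve === undefined || k.crv === p.namedCurve) &&
    (header.kid === undefined || k.kid === header.kid));
  if (candidates.length !== 1) {
    throw new Error(`expected exactly one key for ${header.alg}, found ${candidates.length}`);
  }
  const algorithm = p.kty === 'EC'
    ? { name: p.name, namedCurve: p.namedCurve }
    : { name: p.name, hash: p.hash };
  return { jwk: candidates[0], algorithm };
}

// Selector that looks at kty only: for an RS256 token it returns the RSA-OAEP
// encryption key, whose "alg" cannot match an RSASSA-PKCS1-v1_5 import.
function firstKeyByKty(jwks, kty) {
  return jwks.keys.find((k) => k.kty === kty);
}
```

Failing closed when zero or several keys match keeps signature validation in place instead of bypassing it.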