Skip to content

error in secret or public key callback: The JWKS endpoint did not contain any signing keys #373

Closed
Closed
error in secret or public key callback: The JWKS endpoint did not contain any signing keys#373
Labels
bug
@hiteshjoshi

Description

@hiteshjoshi
hiteshjoshi
opened on Sep 22, 2023

Checklist

  • I have looked into the Readme and Examples, and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

I am getting The JWKS endpoint did not contain any signing keys the keys are at https://api-dev.ploton.app/api/jwt/jwks.json

My code :-

import { Request, Response, NextFunction } from "express";
import JsonWebToken, { JwtHeader, SigningKeyCallback } from "jsonwebtoken";
import jwksClient from "jwks-rsa";

export const verifySession = () => {
  var client = jwksClient({
    jwksUri: process.env.JWKS_URI as string
  });
  function getKey(header: JwtHeader, callback: SigningKeyCallback) {
    client.getSigningKey(header.kid, function (err, key) {
      var signingKey = key?.getPublicKey();
      console.log(process.env.JWKS_URI)
      callback(err, signingKey);
    });
  }

  return async (req: Request, res: Response, next: NextFunction) => {
    if (!req.headers.authorization) {
      return res
        .status(401)
        .send({ success: false, message: "Authorization header is required" });
    }

    const token = req.headers.authorization.split(" ")[1];

    JsonWebToken.verify(token, getKey, {}, function (err, decoded) {
      if (err) {
        console.log(err);
        return res
          .status(401)
          .send({ success: false, message: "Invalid token" });
      } else {
        const userID: string = decoded?.sub as string;

        req.user = userID; // set the decoded token to the request object
        next();
      }
    });
  };
};

Reproduction

I am doing curl request as.

curl -X POST -H "Authorization: Bearer eyJraWQiOiJkLTE2OTQ3NTMxMDc3NjQiLCJ0eXAiOiJKV1QiLCJ2ZXJzaW9uIjoiNCIsImFsZyI6IlJTMjU2In0.eyJpYXQiOjE2OTUyODYyMzQsImV4cCI6MTY5NTI4OTgzNCwic3ViIjoiMmY5NzcxZmItNDAyYS00ZWU1LThkOWUtZjUzMWExMzllYzFiIiwidElkIjoicHVibGljIiwic2Vzc2lvbkhhbmRsZSI6IjhlYzNlOTE4LWI4MGUtNDkzNy1iMTRhLTZiNzhiY2M1YTA5NiIsInJlZnJlc2hUb2tlbkhhc2gxIjoiY2Y5YWM5NzQwZWEyMzdmNThmNmNkZWQ0ZjUzZjExYzNkZDgzNGU2ZDRhZTQ0YTg0YzMyZmNjNDcxNjU1ZTQyNyIsInBhcmVudFJlZnJlc2hUb2tlbkhhc2gxIjpudWxsLCJhbnRpQ3NyZlRva2VuIjpudWxsLCJpc3MiOiJodHRwczovL2Rldi5wbG90b24uYXBwL2FwaSIsInN0LXJvbGUiOnsidiI6W10sInQiOjE2OTUyODYyMzQzMDB9LCJzdC1wZXJtIjp7InYiOltdLCJ0IjoxNjk1Mjg2MjM0MzQ3fSwiY2xhaW1zIjp7IngtdXNlci1pZCI6IjJmOTc3MWZiLTQwMmEtNGVlNS04ZDllLWY1MzFhMTM5ZWMxYiIsIngtdGVuYW50LWlkIjoicHVibGljIiwieC1kZWZhdWx0LXJvbGUiOiJ1c2VyIn19.DkE0UU3_TBz6JTEmH08PWYyXv8Qb99Ktp3tmXWzAH0Qtgn9jMILoR3R29ncYLagLFFJw7nF4sICxbiTokj6PQL577sHwJAj0ZlObb58NcQnYyH7_RfUW3QIkPvXKlvWUpr0r-GawCLRM1HxAg5FRf6pJ69Hqmi3H8JdsTdI7FrMCtLpW7XGanuk9IVb9zeBEjgJjKEmD4rucgXSxm-zNcMjKjZyT_c9eHzzmEV7HuO2mJ4txe2_jjGKQWWleJXhtozzbw6oQpqpVqv8fWFkY7xKv_mITB5M3lbggGZfahjUmaB_okrNJH91nCH-xryh6vDtuhEbZgnch1vGSXPCpsg" localhost:9000

{"success":false,"message":"Invalid token"}

Logs

$ bun server.ts
[0.03ms] ".env"
23-09-22T04:27:52.781Z jwks Configured caching of signing keys. Max: 5 / Age: 600000
23-09-22T04:27:52.781Z jwks Configured caching of signing keys. Max: 5 / Age: 600000
⚡️[server]: Server is running at http://localhost:9000
23-09-22T04:28:00.899Z jwks Fetching signing key for 'd-1694753107764'
23-09-22T04:28:00.899Z jwks Fetching keys from 'https://api-dev.ploton.app/api/jwt/jwks.json'
localhost - - [22/Sep/<concealed by 1Password>23:04:28:00 +0000] "POST / HTTP/1.1" - - "-" "curl/8.1.2"
23-09-22T04:28:01.347Z jwks Keys: [ { kty: 'RSA',
    kid: 'd-1694753107764',
    n: 'uLEf5SMBJkDFoRkUHM_uJbjNHe6fnSdf-43lmkOJo3XBcXOHSU-JHyX0vefEhYkdaZetDo6k6FC4LX-BJpIjkD6XerEJCbHymnMPaF-hGkbmAm2-J5vrXpNZjtWNNFI0UMgtIXFLatkqZVmBF0by6pHVqvjgwjaLdIZMen4v4CrSNrij2SxNyMoSNHrjXwDuV3n-Sp7XwrOydWUwBYpdUnd2Lf5_REq-O8gkopwgT2F4KWTWmbnG9CW4pogkNL4WumWMxv5ppIE6W0V4jCZ1_8Md3pvp2GPwKdaLpTeCwsO25pm_3i-sgpKX_jZ5BqirMJGAQ0um-H4h798riSUBhw',
    e: 'AQAB',
    alg: 'RS256',
    use: 'sig' },
  { kty: 'RSA',
    kid: 's-be9f15b0-8366-485b-b4c4-99badb008086',
    n: 'wAEyyNFUwMwmn1mkWKum4fN6-r66YQrZv91TfDX4JtFcyFWhrGXKFw53KE13cvN4Z5jTFtw8hh1lkNSvPHogj9pg6b3r69AnNkCRwcHgIeNNhs2jG9XW4WAuwaFnUiPVavnoDbLZDi8NUVqE1UxDztbiZhodfKdAkRNkU9gKNsSdnRnGGgWc_MBz1L3d3k4eexSwAQQNR4f3kK1wqArizyxkDNEV3cYpEfBVkHKwRxYpRHividATzeYxIAkBgJnvHZft8YXNKHwLPvPE9bRLx2Oz8l6bnD-P4AxjjR5KdXN3F-sTWUPwKxm1p_GFlvqTrERjbbrUul2_hDhz3-txuw',
    e: 'AQAB',
    alg: 'RS256',
    use: 'sig' } ]
{
  stack: "Error: \n    at <anonymous> (/Users/hitesh/dev/jwt_supertokens_hasura/node_modules/jsonwebtoken/lib/JsonWebTokenError.js:7:2)\n    at <anonymous> (/Users/hitesh/dev/jwt_supertokens_hasura/node_modules/jsonwebtoken/verify.js:105:10)\n    at <anonymous> (/Users/hitesh/dev/jwt_supertokens_hasura/verify_session.ts:12:5)\n    at processTicksAndRejections (native)",
  name: "JsonWebTokenError",
  message: "error in secret or public key callback: The JWKS endpoint did not contain any signing keys",
  toString: [Function: toString]
}

jwks-rsa version

^3.0.1

Node.js version

v20.7.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions