None of the provided URLs returned a valid JSON Web Key Set
adriano-di-giovanni opened this issue
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
Ory Oathkeeper cannot recognize the credentials generated via the Ory Oathkeeper CLI.
Reproducing the bug
In a terminal session
git clone https://github.com/adriano-di-giovanni/oathkeeper-jwks-issue
cd oathkeeper-jwks-issue
docker compose up
In another terminal session
curl http://localhost:4456/.well-known/jwks.json
Relevant log output
2024-02-29 10:45:49 oathkeeper-1 | time=2024-02-29T09:45:49Z level=info msg=started handling request http_request=map[headers:map[accept:*/* user-agent:curl/8.4.0] host:localhost:4456 method:GET path:/.well-known/jwks.json query:<nil> remote:192.168.65.1:61799 scheme:http]
2024-02-29 10:45:49 oathkeeper-1 | time=2024-02-29T09:45:49Z level=error msg=An error occurred while handling a request audience=application error=map[debug: message:An internal server error occurred, please contact the system administrator reason:None of the provided URLs returned a valid JSON Web Key Set. status:Internal Server Error status_code:500] http_request=map[headers:map[accept:*/* user-agent:curl/8.4.0] host:localhost:4456 method:GET path:/.well-known/jwks.json query:<nil> remote:192.168.65.1:61799 scheme:http] http_response=map[status_code:500] service_name=ORY Oathkeeper service_version=v0.40.6
2024-02-29 10:45:49 oathkeeper-1 | time=2024-02-29T09:45:49Z level=info msg=completed handling request http_request=map[headers:map[accept:*/* user-agent:curl/8.4.0] host:localhost:4456 method:GET path:/.well-known/jwks.json query:<nil> remote:192.168.65.1:61799 scheme:http] http_response=map[headers:map[content-type:application/json] size:215 status:500 text_status:Internal Server Error took:1.366ms]
Relevant configuration
authenticators:
  jwt:
    config:
      jwks_urls:
        - file://etc/config/oathkeeper/jwks.json
    enabled: true
Version
0.40.6
On which operating system are you observing this issue?
macOS
In which environment are you deploying?
Docker Compose
Additional Context
The credentials were created by issuing the command:
docker run -it --rm oryd/oathkeeper:v0.40 credentials generate --alg RS256 > docker/oathkeeper/jwks.json
I've also attempted to use the keys generated with different algorithms on mkjwk.org.
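
A diagnostic for the error reported above, added here as an example (not code from the issue author or from Ory Oathkeeper): it shows how a `jwks_urls` entry splits into host and path under Go's `net/url`, and checks that a document has the JSON Web Key Set shape. The function names, the second URL and the sample key set are constructed, and the code makes no claim about how Oathkeeper itself resolves the URL.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// SplitFileURL reports how a jwks_urls entry divides into authority (host)
// and path under standard URL parsing (Go net/url).
func SplitFileURL(raw string) (host, path string, err error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", "", err
	}
	if u.Scheme != "file" {
		return "", "", fmt.Errorf("scheme %q is not file", u.Scheme)
	}
	return u.Host, u.Path, nil
}

// CheckJWKS verifies the RFC 7517 shape: a non-empty "keys" array whose
// members each carry a string "kty". It returns the number of keys.
func CheckJWKS(data []byte) (int, error) {
	var set struct {
		Keys []map[string]interface{} `json:"keys"`
	}
	if err := json.Unmarshal(data, &set); err != nil {
		return 0, fmt.Errorf("not JSON: %w", err)
	}
	if len(set.Keys) == 0 {
		return 0, errors.New(`"keys" array is missing or empty`)
	}
	for i, k := range set.Keys {
		if _, ok := k["kty"].(string); !ok {
			return 0, fmt.Errorf("key %d has no kty", i)
		}
	}
	return len(set.Keys), nil
}

func main() {
	// First entry is the value from the issue; the second is a constructed comparison.
	for _, raw := range []string{"file://etc/config/oathkeeper/jwks.json", "file:///etc/config/oathkeeper/jwks.json"} {
		host, path, err := SplitFileURL(raw)
		fmt.Printf("%s -> host=%q path=%q err=%v\n", raw, host, path, err)
	}
	// Constructed sample key set (placeholder values, not a usable key).
	fmt.Println(CheckJWKS([]byte(`{"keys":[{"kty":"RSA","kid":"example","n":"AA","e":"AQAB"}]}`)))
}
```

To check the generated file itself, read `docker/oathkeeper/jwks.json` with `os.ReadFile` and pass the bytes to `CheckJWKS`.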