None of the provided URLs returned a valid JSON Web Key Set

Question

None of the provided URLs returned a valid JSON Web Key Set

adriano-di-giovanni opened this issue 4 months ago · comments

Adriano D.G. commented 4 months ago

Preflight checklist

I could not find a solution in the existing issues, docs, nor discussions.
I agree to follow this project's Code of Conduct.
I have read and am following this repository's Contribution Guidelines.
I have joined the Ory Community Slack.
I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

Ory Oathkeeper cannot recognize the credentials generated via the Ory Oathkeeper CLI.

Reproducing the bug

In a terminal session

git clone https://github.com/adriano-di-giovanni/oathkeeper-jwks-issue
cd oathkeeper-jwks-issue
docker compose up

In another terminal session

curl http://localhost:4456/.well-known/jwks.json

Relevant log output

2024-02-29 10:45:49 oathkeeper-1  | time=2024-02-29T09:45:49Z level=info msg=started handling request http_request=map[headers:map[accept:*/* user-agent:curl/8.4.0] host:localhost:4456 method:GET path:/.well-known/jwks.json query:<nil> remote:192.168.65.1:61799 scheme:http]
2024-02-29 10:45:49 oathkeeper-1  | time=2024-02-29T09:45:49Z level=error msg=An error occurred while handling a request audience=application error=map[debug: message:An internal server error occurred, please contact the system administrator reason:None of the provided URLs returned a valid JSON Web Key Set. status:Internal Server Error status_code:500] http_request=map[headers:map[accept:*/* user-agent:curl/8.4.0] host:localhost:4456 method:GET path:/.well-known/jwks.json query:<nil> remote:192.168.65.1:61799 scheme:http] http_response=map[status_code:500] service_name=ORY Oathkeeper service_version=v0.40.6
2024-02-29 10:45:49 oathkeeper-1  | time=2024-02-29T09:45:49Z level=info msg=completed handling request http_request=map[headers:map[accept:*/* user-agent:curl/8.4.0] host:localhost:4456 method:GET path:/.well-known/jwks.json query:<nil> remote:192.168.65.1:61799 scheme:http] http_response=map[headers:map[content-type:application/json] size:215 status:500 text_status:Internal Server Error took:1.366ms]

Relevant configuration

authenticators:
  jwt:
    config:
      jwks_urls:
        - file://etc/config/oathkeeper/jwks.json
    enabled: true

Version

0.40.6

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

Docker Compose

Additional Context

The credentials were created by issuing the command docker run -it --rm oryd/oathkeeper:v0.40 credentials generate --alg RS256 > docker/oathkeeper/jwks.json

Adriano D.G. · Answer 1 · Thu Feb 29 2024 19:09:46 GMT+0800 (China Standard Time)

I've also attempted to use the keys generated with different algorithms on mkjwk.org.