Reactive JWT Decoder not picking up algo from jwk but non reactive version works #11812

thomasmillergb · 2022-09-12T17:40:05Z

Describe the bug
ReactiveJwtDecoders.fromIssuerLocation("https://thomasmiller.eu.authz.cloudentity.io/thomasmiller/test") does not return the correct algo. As RS256 comes back instead of EC256
However Not reactive version does work and comes back with EC256
JwtDecoders.fromIssuerLocation("https://thomasmiller.eu.authz.cloudentity.io/thomasmiller/test")

Drilling into it ReactiveJwtDecoderProviderConfigurationUtils.getJWSAlgorithms() will return the right value if you block it. However its never ran, due to further up chain.

** Reproduce **
Create a JWT with EC256
Have JWK of EC256
`ReactiveJwtDecoders.fromIssuerLocation("jwk with just ec256")

// The access token is a test token with no access and is expired invalid 
    main(){
// Will throw ec256 not supported
ReactiveJwtDecoders
.fromIssuerLocation("https://thomasmiller.eu.authz.cloudentity.io/thomasmiller/test")
.decode("eyJhbGciOiJFUzI1NiIsImtpZCI6IjI1MzI4NzQzODA2OTQyMjcyNDI5OTE2MDUwMzE5OTE1MTM3NTAxNSIsInR5cCI6IkpXVCJ9.eyJhY3IiOiIxIiwiYWlkIjoidGVzdCIsImFtciI6WyJwd2QiXSwiYXVkIjpbImFiYWZjOTk0ZWM2MjQzMWFhZGE1YTBmNTc3YTM5ZTM4Iiwic3BpZmZlOi8vdGhvbWFzbWlsbGVyLmV1LmF1dGh6LmNsb3VkZW50aXR5LmlvL3Rob21hc21pbGxlci90ZXN0L3Rlc3QtcHJvZmlsZSJdLCJleHAiOjE2NjI5MzQ5MDMsImlhdCI6MTY2MjkzMTMwMywiaWRwIjoiZDcyODJlYzI0MjUyNDE0NThjM2MxYjRkZTlkOTNjYTEiLCJpc3MiOiJodHRwczovL3Rob21hc21pbGxlci5ldS5hdXRoei5jbG91ZGVudGl0eS5pby90aG9tYXNtaWxsZXIvdGVzdCIsImp0aSI6ImY0YzMyNmU1LTlmNmQtNDQ5Ni05YjhhLWExNmY0ODFiMGM0NyIsIm5iZiI6MTY2MjkzMTMwMywic2NwIjpbImVtYWlsIiwib3BlbmlkIiwicHJvZmlsZSJdLCJzdCI6InB1YmxpYyIsInN1YiI6ImM2NDljNDQ0OGFkZDQ0ZWY1ZDA1NjEwY2JlMDEwNDU1Yjk5Y2RkZDdjMmU1MDY1YTYxNTNhYWI4ZTM5YzVhODkiLCJ0aWQiOiJ0aG9tYXNtaWxsZXIifQ.OgKf6CSojaV07UnIXUk7McATha2-TRbvGOcuCtUYMnZI8lyq2M6tpe_ueZB6sttK-h9xvUnMurKvYf9zOGs6qA")
}

** Notes **

Looks to be have introduced in
#7160

The text was updated successfully, but these errors were encountered:

m-kay · 2023-02-27T05:56:38Z

@jzheaux any update on this?

sjohnr · 2024-06-05T19:13:49Z

Thanks for reaching out @thomasmillergb! I apologize that this issue was missed and never responded to. However, it looks as though the URL https://thomasmiller.eu.authz.cloudentity.io/thomasmiller/test returns a 404 Not Found.

Drilling into it ReactiveJwtDecoderProviderConfigurationUtils.getJWSAlgorithms() will return the right value if you block it. However its never ran, due to further up chain.

I'm not clear on what is being pointed to as the problem based on this description. If you are able to provide a self-contained minimal, reproducible sample I'll be happy to take a look. For now, I'll close this issue as not reproducible.

thomasmillergb added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Sep 12, 2022

thomasmillercf mentioned this issue Sep 14, 2022

Unable to use oAuth login with ES256 due to ReactiveOidcIdTokenDecoderFactory locked to RS256 #11799

Closed

sjohnr closed this as completed Jun 5, 2024

sjohnr self-assigned this Jun 5, 2024

sjohnr added status: invalid An issue that we don't feel is valid and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Reactive JWT Decoder not picking up algo from jwk but non reactive version works #11812

Reactive JWT Decoder not picking up algo from jwk but non reactive version works #11812

thomasmillergb commented Sep 12, 2022

m-kay commented Feb 27, 2023

sjohnr commented Jun 5, 2024

Reactive JWT Decoder not picking up algo from jwk but non reactive version works #11812

Reactive JWT Decoder not picking up algo from jwk but non reactive version works #11812

Comments

thomasmillergb commented Sep 12, 2022

m-kay commented Feb 27, 2023

sjohnr commented Jun 5, 2024