# ktor

wiktor

02/29/2024, 5:11 PM
👋 I could use some help to properly configure JWT, disclaimer: I am a backend noob, so clearly I am doing something wrong:
1. I configured everything based on rs256 setup from tutorial (except realm, because I don’t need it)
2. I extracted jwks.json based on instruction and exposed it through static in routing
3. When I try to read public key using `JwkProvider` I get network exception: `com.auth0.jwk.NetworkException: Cannot obtain jwks from url <https://api.mydomain.com/.well-known/jwks.json>`, but I can see the file when I open it in a browser

so line 178 crashes:
stacktrace:
2024-02-29T17:00:24.323019095Z app[web.1]:  com.auth0.jwk.NetworkException: Cannot obtain jwks from url <https://api.mydoimain.com/.well-known/jwks.json>
2024-02-29T17:00:24.323022798Z app[web.1]: 	at com.auth0.jwk.UrlJwkProvider.getJwks(UrlJwkProvider.java:139)
2024-02-29T17:00:24.323026078Z app[web.1]: 	at com.auth0.jwk.UrlJwkProvider.getAll(UrlJwkProvider.java:145)
2024-02-29T17:00:24.323028965Z app[web.1]: 	at com.auth0.jwk.UrlJwkProvider.get(UrlJwkProvider.java:163)
2024-02-29T17:00:24.323046235Z app[web.1]: 	at com.auth0.jwk.RateLimitedJwkProvider.get(RateLimitedJwkProvider.java:28)
2024-02-29T17:00:24.323049235Z app[web.1]: 	at com.auth0.jwk.GuavaCachedJwkProvider.lambda$get$0(GuavaCachedJwkProvider.java:62)
2024-02-29T17:00:24.323052247Z app[web.1]: 	at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4925)
2024-02-29T17:00:24.323055008Z app[web.1]: 	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3571)
2024-02-29T17:00:24.323057715Z app[web.1]: 	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2313)
2024-02-29T17:00:24.323060388Z app[web.1]: 	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2190)
2024-02-29T17:00:24.323063119Z app[web.1]: 	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2080)
2024-02-29T17:00:24.323065748Z app[web.1]: 	at com.google.common.cache.LocalCache.get(LocalCache.java:4012)
2024-02-29T17:00:24.323068451Z app[web.1]: 	at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4920)
2024-02-29T17:00:24.323071121Z app[web.1]: 	at com.auth0.jwk.GuavaCachedJwkProvider.get(GuavaCachedJwkProvider.java:62)
2024-02-29T17:00:24.323073848Z app[web.1]: 	at com.essentia.plugins.RoutingKt.createToken(Routing.kt:178)
2024-02-29T17:00:24.323076498Z app[web.1]: 	at com.essentia.plugins.RoutingKt$configureRouting$1$1.invokeSuspend(Routing.kt:80)
2024-02-29T17:00:24.323091402Z app[web.1]: 	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
2024-02-29T17:00:24.323094394Z app[web.1]: 	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
2024-02-29T17:00:24.323097021Z app[web.1]: 	at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174)
2024-02-29T17:00:24.323099679Z app[web.1]: 	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167)
2024-02-29T17:00:24.323102374Z app[web.1]: 	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470)
2024-02-29T17:00:24.323105075Z app[web.1]: 	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569)
2024-02-29T17:00:24.323107739Z app[web.1]: 	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
2024-02-29T17:00:24.323123845Z app[web.1]: 	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
2024-02-29T17:00:24.323127277Z app[web.1]: 	at io.ktor.server.netty.EventLoopGroupProxy$Companion.create$lambda$1$lambda$0(NettyApplicationEngine.kt:296)
2024-02-29T17:00:24.323130024Z app[web.1]: 	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2024-02-29T17:00:24.323132682Z app[web.1]: 	at java.base/java.lang.Thread.run(Thread.java:829)
2024-02-29T17:00:24.323135324Z app[web.1]: Caused by: java.io.IOException: Server returned HTTP response code: 504 for URL: <https://api.mydomain.com/.well-known/jwks.json>
2024-02-29T17:00:24.323138181Z app[web.1]: 	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1924)
2024-02-29T17:00:24.323144657Z app[web.1]: 	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
2024-02-29T17:00:24.323147438Z app[web.1]: 	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
2024-02-29T17:00:24.323150217Z app[web.1]: 	at com.auth0.jwk.UrlJwkProvider.getJwks(UrlJwkProvider.java:135)

Aleksei Tirman [JB]

02/29/2024, 5:16 PM
Can you check that the JWKS endpoint is accessible from within the application?

wiktor

02/29/2024, 5:16 PM
good point, let me verify
it’s available, but I started to wonder if I should somehow point jwt what http client to use?
image.png
I used `applicationHttpClient` to verify url with jwks.json

Aleksei Tirman [JB]

03/01/2024, 8:13 AM
> it’s available, but I started to wonder if I should somehow point jwt what http client to use?
Usually, you don't have to.

wiktor

03/01/2024, 8:19 AM
The project is a bare minimum, no fancy setup. I deploy it on digital ocean using dokku

Aleksei Tirman [JB]

03/01/2024, 9:24 AM
Did you mean to share this information here, or was it intended for a different thread?

wiktor

03/01/2024, 11:55 AM
I intended here to indicate I don’t do anything crazy (I think so 😅 ) in terms of configuration
@Aleksei Tirman [JB] any ideas what may be wrong? locally it works fine, get call from the app to jwks works fine, but it returns 504 (https://kotlinlang.slack.com/archives/C0A974TJ9/p1709226924645489?thread_ts=1709226682.912469&cid=C0A974TJ9) only when using `JwkProviderBuilder` from deployed app, I updated java/kotlin/ktor and still the same

Aleksei Tirman [JB]

03/04/2024, 10:55 AM
So locally the `com.auth0.jwk.NetworkException` isn't thrown or the JWKS endpoint is accessible locally?

wiktor

03/04/2024, 12:27 PM
The issue with the 504 Gateway Timeout error doesn't occur with the same JWKS URL when tested locally. However, on the server, if a GET request to the endpoint is made before the 504 error is encountered, the endpoint is still accessible. This suggests the problem might be related to the server environment or network conditions on the server side, rather than an issue with the JWKS URL itself.
so it seems the problem was with number of threads if I get it right, anyway solution turned out to update EngineMain config `application.conf` with these values:
image.png