wave I could use some help to properly configure JWT discla kotlinlang #ktor

:wave: I could use some help to properly configure...

wiktor

02/29/2024, 5:11 PM

👋 I could use some help to properly configure JWT, disclaimer: I am a backend noob, so clearly I am doing something wrong: 1. I configured everything based on rs256 setup from tutorial (except realm, because I don’t need it) 2. I extracted jwks.json based on instruction and exposed it through static in routing 3. When I try to read public key using

JwkProvider

I get network exception:

com.auth0.jwk.NetworkException: Cannot obtain jwks from url <https://api.mydomain.com/.well-known/jwks.json>

, but I can see the file when I open it in a browser

wiktor

02/29/2024, 5:13 PM

so line 178 crashes:

wiktor

02/29/2024, 5:15 PM

stacktrace:

Copy code

2024-02-29T17:00:24.323019095Z app[web.1]:  com.auth0.jwk.NetworkException: Cannot obtain jwks from url <https://api.mydoimain.com/.well-known/jwks.json>
2024-02-29T17:00:24.323022798Z app[web.1]: 	at com.auth0.jwk.UrlJwkProvider.getJwks(UrlJwkProvider.java:139)
2024-02-29T17:00:24.323026078Z app[web.1]: 	at com.auth0.jwk.UrlJwkProvider.getAll(UrlJwkProvider.java:145)
2024-02-29T17:00:24.323028965Z app[web.1]: 	at com.auth0.jwk.UrlJwkProvider.get(UrlJwkProvider.java:163)
2024-02-29T17:00:24.323046235Z app[web.1]: 	at com.auth0.jwk.RateLimitedJwkProvider.get(RateLimitedJwkProvider.java:28)
2024-02-29T17:00:24.323049235Z app[web.1]: 	at com.auth0.jwk.GuavaCachedJwkProvider.lambda$get$0(GuavaCachedJwkProvider.java:62)
2024-02-29T17:00:24.323052247Z app[web.1]: 	at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4925)
2024-02-29T17:00:24.323055008Z app[web.1]: 	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3571)
2024-02-29T17:00:24.323057715Z app[web.1]: 	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2313)
2024-02-29T17:00:24.323060388Z app[web.1]: 	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2190)
2024-02-29T17:00:24.323063119Z app[web.1]: 	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2080)
2024-02-29T17:00:24.323065748Z app[web.1]: 	at com.google.common.cache.LocalCache.get(LocalCache.java:4012)
2024-02-29T17:00:24.323068451Z app[web.1]: 	at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4920)
2024-02-29T17:00:24.323071121Z app[web.1]: 	at com.auth0.jwk.GuavaCachedJwkProvider.get(GuavaCachedJwkProvider.java:62)
2024-02-29T17:00:24.323073848Z app[web.1]: 	at com.essentia.plugins.RoutingKt.createToken(Routing.kt:178)
2024-02-29T17:00:24.323076498Z app[web.1]: 	at com.essentia.plugins.RoutingKt$configureRouting$1$1.invokeSuspend(Routing.kt:80)
2024-02-29T17:00:24.323091402Z app[web.1]: 	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
2024-02-29T17:00:24.323094394Z app[web.1]: 	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
2024-02-29T17:00:24.323097021Z app[web.1]: 	at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174)
2024-02-29T17:00:24.323099679Z app[web.1]: 	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167)
2024-02-29T17:00:24.323102374Z app[web.1]: 	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470)
2024-02-29T17:00:24.323105075Z app[web.1]: 	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569)
2024-02-29T17:00:24.323107739Z app[web.1]: 	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
2024-02-29T17:00:24.323123845Z app[web.1]: 	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
2024-02-29T17:00:24.323127277Z app[web.1]: 	at io.ktor.server.netty.EventLoopGroupProxy$Companion.create$lambda$1$lambda$0(NettyApplicationEngine.kt:296)
2024-02-29T17:00:24.323130024Z app[web.1]: 	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2024-02-29T17:00:24.323132682Z app[web.1]: 	at java.base/java.lang.Thread.run(Thread.java:829)
2024-02-29T17:00:24.323135324Z app[web.1]: Caused by: java.io.IOException: Server returned HTTP response code: 504 for URL: <https://api.mydomain.com/.well-known/jwks.json>
2024-02-29T17:00:24.323138181Z app[web.1]: 	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1924)
2024-02-29T17:00:24.323144657Z app[web.1]: 	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
2024-02-29T17:00:24.323147438Z app[web.1]: 	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
2024-02-29T17:00:24.323150217Z app[web.1]: 	at com.auth0.jwk.UrlJwkProvider.getJwks(UrlJwkProvider.java:135)

Aleksei Tirman [JB]

02/29/2024, 5:16 PM

Can you check that the JWKS endpoint is accessible from within the application?

wiktor

02/29/2024, 5:16 PM

good point, let me verify

wiktor

02/29/2024, 5:25 PM

it’s available, but I started to wonder if I should somehow point jwt what http client to use?

wiktor

02/29/2024, 5:26 PM

image.png

wiktor

02/29/2024, 5:27 PM

I used

applicationHttpClient

to verify url with jwks.json

Aleksei Tirman [JB]

03/01/2024, 8:13 AM

it’s available, but I started to wonder if I should somehow point jwt what http client to use?

Usually, you don't have to.

wiktor

03/01/2024, 8:19 AM

The project is a bare minimum, no fancy setup. I deploy it on digital ocean using dokku

Aleksei Tirman [JB]

03/01/2024, 9:24 AM

Did you mean to share this information here, or was it intended for a different thread?

wiktor

03/01/2024, 11:55 AM

I intended here to indicate I don’t do anything crazy (I think so 😅 ) in terms of configuration

wiktor

03/04/2024, 10:16 AM

@Aleksei Tirman [JB] any ideas what may be wrong? locally it works fine, get call from the app to jwks works fine, but it returns 504 (https://kotlinlang.slack.com/archives/C0A974TJ9/p1709226924645489?thread_ts=1709226682.912469&cid=C0A974TJ9) only when using

JwkProviderBuilder

from deployed app, I updated java/kotlin/ktor and still the same

Aleksei Tirman [JB]

03/04/2024, 10:55 AM

So locally the

com.auth0.jwk.NetworkException

isn't thrown or the JWKS endpoint is accessible locally?

wiktor

03/04/2024, 12:27 PM

The issue with the 504 Gateway Timeout error doesn't occur with the same JWKS URL when tested locally. However, on the server, if a GET request to the endpoint is made before the 504 error is encountered, the endpoint is still accessible. This suggests the problem might be related to the server environment or network conditions on the server side, rather than an issue with the JWKS URL itself.

wiktor

03/04/2024, 6:16 PM

so it seems the problem was with number of threads if I get it right, anyway solution turned out to update EngineMain config

application.conf

with these values:

wiktor

03/04/2024, 6:16 PM

image.png

4 Views

Open in Slack

Previous Next