The relevant errors from the system logs are as follows. Do advise where the issue might be, as well as the format and encoding it should be inside the link.
com.saasure.platform.services.idp.exception.IdpAuthenticationException: Could not validate id_token signature
core.user_auth.idp.social.cannot_acquire_access_token
I have configured my JWKS endpoint (https://05f2-129-126-117-109.ngrok-free.app/.well-known/jwks.json) and when accessed, these are the contents:
{
  "keys": [
    {
      "alg": "RS256",
      "kty": "RSA",
      "n": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ljhP58S6OWOVlpFhPEEIiVYmtUlSfQ7P-jKoYlU5Sjj1pdr1AbasfJx47IgKLzHHlPCgNMBItUxB2XzEEB1ovImPaDeQS1TTUXfDYvFWFU8tTjixZT1pYWls5egJ2nVgR-QWXzC5eZJbYLxBwgh4d3tMXhzzydWPHhZg7kKbGvNtwGpNtEsJRG3X1bXoVSTulZkq1dd-b4rusQBMlTWEd1UqjmLhwNIAbEFc8UFNn2ZXUYGubLNQG6zOPd4mdFIwpBL0NISHuiG6sjSgC3h1nZGw_0WEqOuR9WTxHh-E2HrKmFCjBWEiMaABL8cPatNLg1xva98LAPCKYl_Y855iwID",
      "e": "AQAB",
      "kid": "0c1c4623-ae68-49bf-9245-c712d0eb2004"
    }
  ]
}
I found the error. The keys above were in the PEM format. I fixed this by simply converting the public numbers into base64url encoded strings instead. The Python code is as follows:
from cryptography.hazmat.primitives.asymmetric import rsa

# int_to_base64urluint is a helper that is not shown in this post.
generated_private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048
)
# Encode the public modulus (n) and exponent (e) for the JWK.
public_numbers = generated_private_key.public_key().public_numbers()
base64_url_n = int_to_base64urluint(public_numbers.n)
base64_url_e = int_to_base64urluint(public_numbers.e)
An example of the resulting page is:
{
  "keys": [
    {
      "alg": "RS256",
      "kty": "RSA",
      "n": "leAfDSh0e-d7UQ9fHTQWs4qMn80LTa3j3I_MTsdc6Vuz8MzYeweWmuw3uQOpKz28_cV8YmudqgPn8fcuKyc6SlSUqoEP5qHqMa0ovofjpNc8ztrTTUA2QL4tTgXkaArmPyuxQif2H_Lcfrb6jsOxHfLNlqZW8Wm6W5LFBM1ZLcno0izRyNbUvvpbKaVKdUM_x480oiyUTv3aVeLyN58FlkfQ-Pk0rdO1j8cW_o0hCmpj8RdAdG6o4AZwuxet9fjl3chik3OFgcCsSSjRO9BFqQt3F6FyvjVR2y6aV7ZPri_oQQHpKE1LCV09ptUTUdJpWosgFig5PFay0DpFvx3XDw",
      "e": "AQAB",
      "kid": "e145170a-7029-4d4a-bc3a-d43a20f5311e"
    }
  ]
}
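A pre-publication check for the mistake described in this thread, as an added example that is not the poster's code: it flags a JWK whose `n` is the base64 body of a PEM public key (a DER SubjectPublicKeyInfo) instead of the modulus encoded as Base64urlUInt. It uses only the standard library; `int_to_base64urluint` here is a stand-in for the poster's helper of the same name, which the post does not show, and the modulus is a constructed number, not a real key.

```python
import base64

# DER bytes of the rsaEncryption OID (1.2.840.113549.1.1.1). They occur in every
# RSA SubjectPublicKeyInfo, which is what the body of a PEM "PUBLIC KEY" holds.
RSA_OID_DER = bytes.fromhex("06092a864886f70d010101")
# Fixed DER header of a 2048-bit RSA SubjectPublicKeyInfo, up to the modulus.
SPKI_2048_HEADER = bytes.fromhex(
    "30820122300d06092a864886f70d01010105000382010f003082010a0282010100")


def int_to_base64urluint(value):
    """Stand-in helper: minimal big-endian octets, base64url, no padding."""
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def check_rsa_jwk(jwk):
    """Return the encoding problems found in the 'n' and 'e' members of a JWK."""
    problems = []
    for name in ("n", "e"):
        value = jwk.get(name, "")
        if not value or any(c in value for c in "+/="):
            problems.append(f"{name}: missing or not unpadded base64url")
            continue
        try:
            raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
        except ValueError:
            raw = b""
        if not raw:
            problems.append(f"{name}: does not decode as base64url")
        elif raw[0] == 0x30 and RSA_OID_DER in raw:
            problems.append(f"{name}: DER SubjectPublicKeyInfo, not an integer")
        elif raw[0] == 0x00:
            problems.append(f"{name}: leading zero octet")
    return problems


# Constructed sample data: a 2048-bit odd number stands in for a real modulus.
MODULUS = (1 << 2047) | 0x10001
SPKI = SPKI_2048_HEADER + MODULUS.to_bytes(256, "big") + bytes.fromhex("0203010001")
GOOD_JWK = {"kty": "RSA", "e": int_to_base64urluint(65537),
            "n": int_to_base64urluint(MODULUS)}
BAD_JWK = {"kty": "RSA", "e": "AQAB",  # PEM body written with base64url characters
           "n": base64.urlsafe_b64encode(SPKI).rstrip(b"=").decode("ascii")}

if __name__ == "__main__":
    print("good:", check_rsa_jwk(GOOD_JWK))
    print("bad: ", check_rsa_jwk(BAD_JWK))
```

The constructed `BAD_JWK` value begins with the same `MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA` prefix as the `n` in the first JWKS in this thread, which is the fixed header of a 2048-bit RSA public key in DER form.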
system
Closed
June 8, 2024, 9:27am
3
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.