oktaJwtVerifier Error while resolving signing key

Hi, I am completely out of ideas on what is going on here. I’m trying to set up JWTs on my Node.js server using Express.js. I have an Angular 7 front-end. On the client I use the npm package @okta/okta-angular to sign in the user. That works perfectly. I am trying to add authentication to my server as well, and use the @okta/jwt-verifier package. I tried setting it up using this post: https://developer.okta.com/blog/2018/08/07/node-angular-crud
Initially I had CORS issues, but got them resolved. I now get through the OPTIONS call, but on the GET I am getting a 401 with Error while resolving signing key for kid “[hash]”. So that is an error on oktaJwtVerifier.verifyAccessToken(accessToken). I don’t know what the problem with it is.
I have on the server env:
clientId: "",
issuer: "https://.okta.com/oauth2/default",
assertClaims: {
  "aud": "api://default",
  "cid": ""
},
and on the client:
issuer: 'https://.okta.com/oauth2/default',

I have tried client as issuer: ‘https://.okta.com’ as well, because that is what I had and was working before the JWT efforts. It seems adding the /oauth2/default kills the sign in.

I don’t know what else to add. I just cannot work this out.

Hi @andrewf

Can you please share an access token generated through a test account?

Hi @dragos, I don’t actually have a test account I can use :frowning: so it’s only with my credentials that I’m signing in. Is there a particular piece of info in it that you are after that I can share?

So after more googling it seems that it is not possible because I don’t have a custom authorization server?

Hi @andrewf

If you are using the Okta authorization server (e.g. if the authorization endpoint is something like https://yourOktaOrg.okta.com/oauth2/v1/authorize instead of https://yourOktaOrg.okta.com/oauth2/{authorizationServer}/v1/authorize) then yes, the access tokens cannot be verified locally because, due to RFC restrictions, the signing keys are not displayed on the /keys endpoint.

To verify the access tokens locally, you need the API Access Management feature enabled on your Okta tenant.

Issuer URL OKTA: 'https://dev-868765.oktapreview.com/oauth2/ausmz6fx8sjV3W2PX0h7'
OKTA Verifier:
const oktaJwtVerifier = new OktaJwtVerifier({
  issuer: 'https://dev-868765.oktapreview.com/oauth2/ausmz6fx8sjV3W2PX0h7/v1/authorize'

});

I have the same issue. Below is my access token.

Error:
{
"name": "JwtParseError",
"userMessage": "Error while resolving signing key for kid \"QYfjAN1LQkXQK5gbyJokO3fBnS7PtwsCQpCBswyy1pQ\"",
"message": "Error while resolving signing key for kid \"QYfjAN1LQkXQK5gbyJokO3fBnS7PtwsCQpCBswyy1pQ\"",

Please respond if any correction is needed. It was working fine for the last 4 months before.
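A pre-flight check for the two conditions discussed in this thread, written for Node.js as an added example (not code from any poster or from Okta): it decodes a token without verifying it, reports whether the `iss` claim has the `/oauth2/{authorizationServer}` form from the reply above, and compares it with the configured issuer. It assumes the verifier derives its keys URL from the configured issuer; `diagnose`, `makeToken`, the `example.okta.com` org and the sample tokens are constructed for illustration.

```javascript
// Diagnostic only: decodes a JWT WITHOUT verifying its signature.
// Never use this output for an authorization decision.
function decodePart(part) {
  // Node's base64 decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(part, 'base64').toString('utf8'));
}

// Custom authorization server issuers look like https://{org}/oauth2/{authorizationServer};
// the org authorization server issuer is the bare org URL.
const CUSTOM_AS = /^https:\/\/[^/]+\/oauth2\/[^/]+$/;

function diagnose(token, configuredIssuer) {
  const parts = token.split('.');
  if (parts.length !== 3) return { findings: ['not a compact JWT (expected 3 parts)'] };
  const header = decodePart(parts[0]);
  const payload = decodePart(parts[1]);
  const findings = [];
  // An issuer that ends in /v1/<endpoint> is an endpoint URL, so a keys URL
  // derived from it would not exist (assumption: keys URL is built from the issuer).
  if (/\/v1\/[a-z]+\/?$/.test(configuredIssuer)) {
    findings.push('configured issuer is an endpoint URL, not an issuer');
  }
  if (!CUSTOM_AS.test(payload.iss || '')) {
    findings.push('token was not issued by a custom authorization server');
  }
  if (payload.iss !== configuredIssuer) {
    findings.push('configured issuer does not match the token iss claim');
  }
  return { kid: header.kid, iss: payload.iss, findings };
}

// Constructed sample tokens (placeholder org, dummy signature).
function makeToken(header, payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc(header)}.${enc(payload)}.c2ln`;
}
const ORG = 'https://example.okta.com';
const orgToken = makeToken({ alg: 'RS256', kid: 'k1' }, { iss: ORG });
const customToken = makeToken({ alg: 'RS256', kid: 'k2' }, { iss: `${ORG}/oauth2/default` });

console.log(diagnose(orgToken, `${ORG}/oauth2/default`));
console.log(diagnose(customToken, `${ORG}/oauth2/default/v1/authorize`));
console.log(diagnose(customToken, `${ORG}/oauth2/default`));
```

An empty `findings` list only means the issuer configuration is consistent; signature verification still has to be done by the verifier library.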
