Timeout error when decode the access token #questions:oauth-oidc

Jvalekar · March 1, 2023, 5:43pm

Hi All,

We are using Okta jwt SDK for decoding the access token but getting the below error in the client environment where the application is installed with HTTPS. Locally SDK is working as expected and decoding the token.

com.okta.commons.http.HttpException: Unable to execute HTTP request - retryable exception: Read timed out
at com.okta.commons.http.okhttp.OkHttpRequestExecutor.executeRequest(OkHttpRequestExecutor.java:167) ~[okta-http-okhttp-1.3.3.jar:1.3.3]
at com.okta.commons.http.RetryRequestExecutor.doExecuteRequest(RetryRequestExecutor.java:147) ~[okta-http-api-1.3.3.jar:1.3.3]
at com.okta.commons.http.RetryRequestExecutor.executeRequest(RetryRequestExecutor.java:120) ~[okta-http-api-1.3.3.jar:1.3.3]
at com.okta.jwt.impl.http.OktaCommonsHttpClient.get(OktaCommonsHttpClient.java:54) ~[okta-jwt-verifier-impl-0.5.7.jar:0.5.7]
at com.okta.jwt.impl.jjwt.RemoteJwkSigningKeyResolver.updateKeys(RemoteJwkSigningKeyResolver.java:89) ~[okta-jwt-verifier-impl-0.5.7.jar:0.5.7]
at com.okta.jwt.impl.jjwt.RemoteJwkSigningKeyResolver.getKey(RemoteJwkSigningKeyResolver.java:81) ~[okta-jwt-verifier-impl-0.5.7.jar:0.5.7]
at com.okta.jwt.impl.jjwt.RemoteJwkSigningKeyResolver.resolveSigningKey(RemoteJwkSigningKeyResolver.java:56) ~[okta-jwt-verifier-impl-0.5.7.jar:0.5.7]
at com.okta.jwt.impl.jjwt.IssuerMatchingSigningKeyResolver.resolveSigningKey(IssuerMatchingSigningKeyResolver.java:52) ~[okta-jwt-verifier-impl-0.5.7.jar:0.5.7]
at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:355) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:529) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.ImmutableJwtParser.parse(ImmutableJwtParser.java:153) ~[jjwt-impl-0.11.5.jar:0.11.5]
at com.okta.jwt.impl.jjwt.TokenVerifierSupport.decode(TokenVerifierSupport.java:81) ~[okta-jwt-verifier-impl-0.5.7.jar:0.5.7]
at com.okta.jwt.impl.jjwt.JjwtAccessTokenVerifier.decode(JjwtAccessTokenVerifier.java:56) ~[okta-jwt-verifier-impl-0.5.7.jar:0.5.7]

andrea · March 1, 2023, 8:25pm

Do you have a custom truststore? Are you able to make any API calls to Okta from this machine successfully?

Jvalekar · March 2, 2023, 12:21pm

Thank you for the response @andrea.We asked the IT team to make the open connection for all the Okta domain URLs, so from that machine, I am able to log in to the dashboard, from the native application when trying to decode the token, it gives the above error. I believe that for the decoding the token, JWT SDk refer the issuer URL

andrea · March 2, 2023, 6:48pm

Yeah, it should be (eventually) hitting the https://oktaDomain/oauth2/{{authorizationServerId}}/v1/keys endpoint.

Just to confirm, the Issuer of this token (iss claim within it), is it just your OktaDomain or does it end with something like /oauth2/default or /oauth2/aus123456789?

Jvalekar · March 3, 2023, 6:44am

Hello @andrea , Yes we are using issuer with /oauth2/default. Is there any issue with default ?

andrea · March 3, 2023, 4:49pm

Nope, it should be fine, I just wanted to double check that you’re using a custom authorization server like default.

Can you confirm that the application does manage to make an API call to https://oktaDomain/oauth2/default/v1/keys? Or is it timing out or otherwise encountering an issue when making that request?

Post		Replies	Views
Timeout error when decoding the access token OAuth/OIDC	3	1843	October 16, 2023
JWT Verification Timeout Java OAuth/OIDC api , java	11	12361	January 26, 2018
AuthSdkError: OAuth flow timed out OAuth/OIDC	2	4300	February 8, 2024
Getting access token is throwing 500 intermittently OAuth/OIDC java	3	5081	January 18, 2024
Client call fails with Okta E0000011 API	3	8458	December 27, 2018

Timeout error when decode the access token #questions:oauth-oidc

Related topics