Timeout error when decoding the access token

Questions OAuth/OIDC
1

Hi,
We are using Okta JWT Verifier to decode the access token. But getting below error at our client site who deployed our application in AWS and has proxy configuration. Works fine in all of our other environments. Tried -Dokta.client.proxy.host= -Dokta.client.proxy.port= and -Dhttps.proxyHost and -Dhttps.proxyPort too

JwtVerifiers.accessTokenVerifierBuilder()
.setIssuer(oktaIssuer)
.setAudience(audience)
.setConnectionTimeout(Duration.ofSeconds(oktaConnectionTimeout))
.setRetryMaxAttempts(oktaRetryMaxAttempts)
.setRetryMaxElapsed(Duration.ofSeconds(oktaRetryMaxElapsed))
.build();

            jwtVerifier.decode(accessToken)

com.okta.commons.http.HttpException: Unable to execute HTTP request - retryable exception: Connect to **** failed: connect timed out

          at com.okta.commons.http.httpclient.HttpClientRequestExecutor.executeRequest(HttpClientRequestExecutor.java:183) ~[okta-http-httpclient-1.3.0.jar:1.3.0]

          at com.okta.commons.http.RetryRequestExecutor.doExecuteRequest(RetryRequestExecutor.java:147) ~[okta-http-api-1.3.0.jar:1.3.0]

          at com.okta.commons.http.RetryRequestExecutor.executeRequest(RetryRequestExecutor.java:120) ~[okta-http-api-1.3.0.jar:1.3.0]

          at com.okta.jwt.impl.http.OktaCommonsHttpClient.get(OktaCommonsHttpClient.java:54) ~[okta-jwt-verifier-impl-0.5.1.jar:0.5.1]

          at com.okta.jwt.impl.jjwt.RemoteJwkSigningKeyResolver.updateKeys(RemoteJwkSigningKeyResolver.java:89) ~[okta-jwt-verifier-impl-0.5.1.jar:0.5.1]

          at com.okta.jwt.impl.jjwt.RemoteJwkSigningKeyResolver.getKey(RemoteJwkSigningKeyResolver.java:81) ~[okta-jwt-verifier-impl-0.5.1.jar:0.5.1]

          at com.okta.jwt.impl.jjwt.RemoteJwkSigningKeyResolver.resolveSigningKey(RemoteJwkSigningKeyResolver.java:56) ~[okta-jwt-verifier-impl-0.5.1.jar:0.5.1]

          at com.okta.jwt.impl.jjwt.IssuerMatchingSigningKeyResolver.resolveSigningKey(IssuerMatchingSigningKeyResolver.java:52) ~[okta-jwt-verifier-impl-0.5.1.jar:0.5.1]

          at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:376) ~[jjwt-impl-0.11.2.jar:0.11.2]

          at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:550) ~[jjwt-impl-0.11.2.jar:0.11.2]

          at io.jsonwebtoken.impl.ImmutableJwtParser.parse(ImmutableJwtParser.java:153) ~[jjwt-impl-0.11.2.jar:0.11.2]

          at com.okta.jwt.impl.jjwt.TokenVerifierSupport.decode(TokenVerifierSupport.java:64) ~[okta-jwt-verifier-impl-0.5.1.jar:0.5.1]

          at com.okta.jwt.impl.jjwt.JjwtAccessTokenVerifier.decode(JjwtAccessTokenVerifier.java:45) ~[okta-jwt-verifier-impl-0.5.1.jar:0.5.1]

Thanks

2

Hello,

Have you tried setting the Proxy configuration via the JWT builder instead of using JVM options?

I assume you have verified that from your AWS instance using the proxy there is network connectivity to your Okta Org?

Thank you,

1 Like
3

Thank you. It worked. Wondering why this Okta JWT Verifier library is not using the JVM options as other okta library
-Dokta.client.proxy.host= -Dokta.client.proxy.port= and -Dhttps.proxyHost and -Dhttps.proxyPort

4

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.