When unable to get JWKS, JWTAuth swallows the underlying exception and only logs the last message
When unable to retrieve the JWKS, JWTAuth swallows the underlying exception and only logs the message.
This means we only get to see:
TRACE io.ktor.auth.jwt - Failed to get JWK: Failed to get key with kid 1
When the stack trace is:
com.auth0.jwk.SigningKeyNotFoundException: Failed to get key with kid 1
Caused by: com.auth0.jwk.SigningKeyNotFoundException: Cannot obtain jwks from url https://localhost:2222/jwks
Caused by: java.net.ConnectException: Connection refused (Connection refused)
Simple example to reproduce:
// Imports use Ktor 1.x package names (the logger above is io.ktor.auth.jwt).
import com.auth0.jwk.JwkProviderBuilder
import io.ktor.application.*
import io.ktor.auth.*
import io.ktor.auth.jwt.*
import io.ktor.client.HttpClient
import io.ktor.client.engine.apache.Apache
import io.ktor.client.request.get
import io.ktor.client.request.header
import io.ktor.http.ContentType
import io.ktor.response.respondText
import io.ktor.routing.*
import kotlinx.coroutines.GlobalScope
import kotlinx.coroutines.launch
import java.net.URL

val TestJWT = "eyJraWQiOiIxIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwNjAvaXNzby9vYXV0aDIiLCJleHAiOjE3MTE4NzQ3MDAsImp0aSI6IjZvWkZWa3lGX2RSd1dpcXNhQkJkWkEiLCJpYXQiOjE1NTQxOTQ3MDAsInN1YiI6Im15dXNlciIsImF1ZCI6Ik9JREMiLCJhY3IiOiJMZXZlbDQiLCJhenAiOiJPSURDIn0.NuWfe1BZK3i-VVC1l7EIvJydd9m3Pcr2_0AanhbS3YEXSq_NWKhqtFd4qM_KUhLURTTwhNhAb43Zr2HzxGFUhnYnU4uCi95fLcw3Cq8mTM3o4I0r-pgpPTkfiheUUtOA4d43cwWpyEaBdypwO_F-VLA4zBw1oTRE_M0_G-16Q6yezpjTVBvOI7nsEWLHUZ-i10hE3V53cx2-Qm5OUOtEFF-UqqFhgBU6VSRYS5J3puWQFGlLr5hGSAW3Nll1DkJbiNaHB4y7EPnSlCPcNdZ98PXckylsiJ6nhRJXg4mke-C2WWckJ5H4dgsjeoUmXDuLekO1IrvwT1JLGJYiPwlQJw"

fun main(args: Array<String>): Unit {
    // start() rather than run(): run() would execute the blocking server on the
    // calling thread and the test request below would never be sent.
    Thread {
        io.ktor.server.netty.EngineMain.main(args)
    }.start()
    Thread {
        println("Testing in 3 secs...")
        Thread.sleep(3000)
        println("Testing...")
        GlobalScope.launch {
            val resp = HttpClient(Apache).use { client ->
                client.get<String>(URL("http://localhost:8080/")) {
                    this.header("Authorization", "Bearer " + TestJWT)
                }
            }
            println("RESP: ${resp}")
        }
    }.start()
}

@Suppress("unused") // Referenced in application.conf
@kotlin.jvm.JvmOverloads
fun Application.module(testing: Boolean = false) {
    install(Authentication) {
        jwt {
            // Nothing listens on localhost:2222, so every JWKS fetch fails.
            verifier(JwkProviderBuilder(URL("https://localhost:2222/jwks")).build(), "http://localhost:8060/isso/oauth2")
            validate { credentials ->
                if (credentials.payload.subject == "myuser") {
                    JWTPrincipal(credentials.payload)
                } else {
                    log.info("${credentials.payload.subject} is not authorized to use this app, denying access")
                    null
                }
            }
        }
    }
    routing {
        authenticate {
            get("/") {
                call.respondText("HELLO WORLD!", contentType = ContentType.Text.Plain)
            }
        }
    }
}
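One way to surface the hidden cause chain without changing Ktor, as an added example that is not part of the original issue or of Ktor's own code: wrap the `JwkProvider` passed to `verifier(...)` in a decorator that logs every cause before rethrowing. `LoggingJwkProvider`, `causeChain` and `describe` are hypothetical names, and the example assumes SLF4J is the logging API in use.

```kotlin
import com.auth0.jwk.Jwk
import com.auth0.jwk.JwkException
import com.auth0.jwk.JwkProvider
import org.slf4j.LoggerFactory
import java.io.IOException

// Hypothetical decorator (not part of Ktor or jwks-rsa): logs the whole cause
// chain of a failed JWKS lookup, then rethrows so authentication still fails.
// Usage: verifier(LoggingJwkProvider(JwkProviderBuilder(url).build()), issuer)
class LoggingJwkProvider(private val delegate: JwkProvider) : JwkProvider {
    private val log = LoggerFactory.getLogger(LoggingJwkProvider::class.java)

    override fun get(keyId: String?): Jwk = try {
        delegate.get(keyId)
    } catch (e: JwkException) {
        // kid comes from the unverified token header, so neutralise control
        // characters and cap the length before it reaches the log.
        val kid = (keyId ?: "<none>").take(64).replace(Regex("\\p{Cntrl}"), "?")
        val chain = causeChain(e)
        if (chain.any { it is IOException }) {
            // Transport or read failure: the JWKS endpoint could not be used,
            // as with the ConnectException in the stack trace above.
            log.error("JWKS endpoint unreachable (kid={}): {}", kid, describe(chain), e)
        } else {
            // The endpoint answered but has no such key: rotation lag or a
            // token signed with a key this issuer does not publish.
            log.warn("No JWK for kid={}: {}", kid, describe(chain), e)
        }
        throw e
    }
}

// Walk Throwable.cause, bounded so a cyclic chain cannot loop forever.
fun causeChain(t: Throwable): List<Throwable> =
    generateSequence(t) { it.cause }.take(16).toList()

// One-line summary of the chain, outermost exception first.
fun describe(chain: List<Throwable>): String =
    chain.joinToString(" <- ") { "${it.javaClass.name}: ${it.message}" }
```

Splitting the two cases lets an outage of the key endpoint alert at ERROR level while unknown-kid tokens stay at WARN, where they can be counted per client.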
Issue Analytics
- State:
- Created 4 years ago
- Comments:8 (2 by maintainers)
Top GitHub Comments
It might be nice if we can handle those errors via challenge.
Please check the following ticket on YouTrack for follow-ups to this issue. GitHub issues will be closed in the coming weeks.