RuntimeError: Missing "jwks_uri" in metadata

Describe the bug

Started happening once I tried upgrading from 0.15.5 to any of the pre-release versions.

I’m using Auth0 on a client flask application and I’ve registered it like so:

    import os  # needed for the os.environ lookups below

    from authlib.integrations import flask_client
    from authlib.integrations.base_client.errors import OAuthError
    import flask

    oauth = flask_client.OAuth(server)
    auth0 = oauth.register(
        "auth0",
        client_id=os.environ["AUTH0_CLIENT_ID"],
        client_secret=os.environ["AUTH0_CLIENT_SECRET"],
        api_base_url=os.environ["AUTH0_DOMAIN"],
        access_token_url=os.environ["AUTH0_DOMAIN"] + "/oauth/token",
        authorize_url=os.environ["AUTH0_DOMAIN"] + "/authorize",
        client_kwargs={
            "scope": "openid profile email",
        },
    )

    @server.route("/callback")
    def callback():
        # Handles response from token endpoint
        try:
            auth0.authorize_access_token()
   ...

That last line, auth0.authorize_access_token(), started throwing RuntimeError: Missing "jwks_uri" in metadata.

It seems that the server_metadata is missing, from what I managed to find out.

Error Stacks

  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/flask/app.py", line 2091, in __call__
    return self.wsgi_app(environ, start_response)
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/flask/app.py", line 2076, in wsgi_app
    response = self.handle_exception(e)
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/flask/app.py", line 2073, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/flask/app.py", line 1518, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/flask/app.py", line 1516, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/flask/app.py", line 1502, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
  File "/home/shadydealer/work/beme/reporting/apps/authentication/auth0.py", line 48, in callback
    auth0.authorize_access_token()
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/authlib/integrations/flask_client/apps.py", line 106, in authorize_access_token
    userinfo = self.parse_id_token(token, nonce=state_data['nonce'])
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/authlib/integrations/base_client/sync_openid.py", line 64, in parse_id_token
    claims = _jwt.decode(
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/authlib/jose/rfc7519/jwt.py", line 96, in decode
    data = self._jws.deserialize_compact(s, load_key, decode_payload)
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/authlib/jose/rfc7515/jws.py", line 102, in deserialize_compact
    algorithm, key = self._prepare_algorithm_key(jws_header, payload, key)
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/authlib/jose/rfc7515/jws.py", line 255, in _prepare_algorithm_key
    key = key(header, payload)
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/authlib/integrations/base_client/sync_openid.py", line 36, in load_key
    jwk_set = JsonWebKey.import_key_set(self.fetch_jwk_set())
  File "/home/shadydealer/.local/share/virtualenvs/reporting-87-gzJHg/lib/python3.8/site-packages/authlib/integrations/base_client/sync_openid.py", line 14, in fetch_jwk_set
    raise RuntimeError('Missing "jwks_uri" in metadata')

To Reproduce

Create an Auth0 tenant and a Flask client application, then use the registration code specified above to register the Flask app.

Expected behavior

To work as it used to in 0.15.5, or specify in the docs what changed.

Environment:

  • OS: Ubuntu 18.04
  • Python Version: python 3.8
  • Authlib Version: 1.0.0a1 and higher

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 8 (4 by maintainers)

Top GitHub Comments

6 reactions
lepture commented, Dec 13, 2021

https://accounts.google.com/.well-known/openid-configuration

 "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",

4 reactions
shadydealer commented, Nov 30, 2021

@lepture

Of course, here it is:

    import os  # needed for the os.environ lookups below

    from authlib.integrations import flask_client
    from authlib.integrations.base_client.errors import OAuthError
    import flask

    oauth = flask_client.OAuth(server)
    auth0 = oauth.register(
        "auth0",
        client_id=os.environ["AUTH0_CLIENT_ID"],
        client_secret=os.environ["AUTH0_CLIENT_SECRET"],
        api_base_url=os.environ["AUTH0_DOMAIN"],
        access_token_url=os.environ["AUTH0_DOMAIN"] + "/oauth/token",
        authorize_url=os.environ["AUTH0_DOMAIN"] + "/authorize",
        client_kwargs={
            "scope": "openid profile email",
        },
        server_metadata_url=os.environ["AUTH0_SERVER_METADATA_URL"],
    )

    @server.route("/callback")
    def callback():
        # Handles response from token endpoint
        try:
            auth0.authorize_access_token()
   ...

The AUTH0_SERVER_METADATA_URL value is https://YOUR_TENANT_NAME.YOUR_TENANT_REGION.auth0.com/.well-known/openid-configuration
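
Added example, not part of the issue thread and not Authlib code: the trace shows the ID token check failing because the client's metadata has no jwks_uri, so a start-up check of the discovery document catches this before the first login. The function name, the tenant.example host and both sample documents are constructed for illustration.

```python
from urllib.parse import urlsplit

# Fields marked REQUIRED by OpenID Connect Discovery 1.0.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "userinfo_endpoint", "jwks_uri")
SUFFIX = "/.well-known/openid-configuration"


def check_oidc_metadata(metadata, metadata_url):
    """Return a list of problems in a discovery document (empty list means OK)."""
    problems = [f'missing "{f}"' for f in REQUIRED if not metadata.get(f)]
    for field in URL_FIELDS:
        value = metadata.get(field)
        if value and urlsplit(value).scheme != "https":
            problems.append(f'"{field}" is not an https URL')
    # The issuer must be the URL the document was served from, minus the suffix;
    # otherwise keys from one issuer could be used to accept tokens for another.
    issuer = metadata.get("issuer")
    if not metadata_url.endswith(SUFFIX):
        problems.append("metadata URL does not end with the well-known suffix")
    elif issuer and issuer.rstrip("/") != metadata_url[: -len(SUFFIX)].rstrip("/"):
        problems.append("issuer does not match metadata URL")
    return problems


# Constructed sample data (hypothetical tenant).
URL = "https://tenant.example" + SUFFIX
GOOD = {
    "issuer": "https://tenant.example/",
    "authorization_endpoint": "https://tenant.example/authorize",
    "token_endpoint": "https://tenant.example/oauth/token",
    "jwks_uri": "https://tenant.example/.well-known/jwks.json",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Only the two endpoints passed by hand in the original registration.
MANUAL = {
    "authorization_endpoint": "https://tenant.example/authorize",
    "token_endpoint": "https://tenant.example/oauth/token",
}

if __name__ == "__main__":
    for name, doc in (("discovery", GOOD), ("manual", MANUAL)):
        print(name, check_oidc_metadata(doc, URL) or "OK")
```
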
