不支持算法-Gentics Mesh中的OAuth

时间:2019-10-12 00:11:41

标签: vert.x okta gentics-mesh

我在Gentics Mesh中使用了新的OAuth支持,但出现了异常-

ecms-mesh-server     | 23:57:42.312 [] INFO  [vert.x-eventloop-thread-4] [i.v.e.w.h.i.LoggerHandlerImpl] - 192.168.16.4 - GET /api/v2/auth/me HTTP/1.1 200 587 - 7 ms
ecms-mesh-server     | 23:58:09.374 [] DEBUG [vert.x-eventloop-thread-4] [c.g.m.a.p.MeshJWTAuthProvider] - Could not authenticate token.
ecms-mesh-server     | java.lang.RuntimeException: Algorithm not supported
ecms-mesh-server     |  at io.vertx.ext.jwt.JWT.decode(JWT.java:280)
ecms-mesh-server     |  at io.vertx.ext.auth.jwt.impl.JWTAuthProviderImpl.authenticate(JWTAuthProviderImpl.java:122)
ecms-mesh-server     |  at com.gentics.mesh.auth.provider.MeshJWTAuthProvider.authenticateJWT(MeshJWTAuthProvider.java:90)
ecms-mesh-server     |  at com.gentics.mesh.auth.handler.MeshJWTAuthHandler.handleJWTAuth(MeshJWTAuthHandler.java:152)
ecms-mesh-server     |  at com.gentics.mesh.auth.handler.MeshJWTAuthHandler.handle(MeshJWTAuthHandler.java:89)
ecms-mesh-server     |  at com.gentics.mesh.auth.MeshAuthChain.lambda$secure$0(MeshAuthChain.java:40)
ecms-mesh-server     |  at io.vertx.ext.web.impl.RouteImpl.handleContext(RouteImpl.java:231)

我正在使用令牌中继过滤器在docker中运行服务器,并在前面运行Spring Boot Gateway。

如果我是匿名的或已通过Mesh认证,则可以通过网关正常访问Mesh。
但是,如果我通过Okta进行身份验证,并且网关将我的令牌传递给Mesh,则会得到异常...

我添加了一个文件/config/public-keys.json,其中包含我的Okta公钥的内容。

enter image description here

更新:
我可以在日志中确认我的公钥已被拾取,因为调试输出与我的/config/public-keys.json内容匹配。 

ecms-mesh-server     | 00:19:55.101 [] DEBUG [vert.x-eventloop-thread-0] [c.g.m.a.MeshOAuth2ServiceImpl] - {
ecms-mesh-server     |   "kty" : "RSA",
ecms-mesh-server     |   "alg" : "RS256",
ecms-mesh-server     |   "kid" : "u13712iLhUmkpeREecKaQhPvZvuImdNVWGJwAmgU-SM",
ecms-mesh-server     |   "use" : "sig",
ecms-mesh-server     |   "e" : "AQAB",
ecms-mesh-server     |   "n" : "vw5G7FUjegmT_BybIfgDWr..."
ecms-mesh-server     | }
ecms-mesh-server     | 00:19:55.101 [] DEBUG [vert.x-eventloop-thread-0] [c.g.m.a.MeshOAuth2ServiceImpl] - {
ecms-mesh-server     |   "kty" : "RSA",
ecms-mesh-server     |   "alg" : "RS256",
ecms-mesh-server     |   "kid" : "DzmghgcUAcXhxL-LeF3qJqefqeQpHR4BSHUoSY7m3FU",
ecms-mesh-server     |   "use" : "sig",
ecms-mesh-server     |   "e" : "AQAB",
ecms-mesh-server     |   "n" : "4yosHHYoEW6wqqOso5qfDONqLw2MK..."
ecms-mesh-server     | }
ecms-mesh-server     | 00:19:55.102 [] DEBUG [vert.x-eventloop-thread-0] [c.g.m.a.AuthHandlerContainer] - Keys changed. Creating a new auth handler to be used.

1 个答案:

答案 0 :(得分:1)

我注意到标头中令牌的“ kid”参数,在公共密钥列表中没有匹配的“ kid”。 我使用了错误的授权服务器JWK ...哇。嘿。

我有这个- https://dev-xxxxxx.okta.com/oauth2/v1/keys

本应如此- https://dev-xxxxxx.okta.com/oauth2/default/v1/keys

希望这对其他人有帮助。

相关问题
最新问题