JWT verification failed

Parth Panchal

Jun 2, 2021, 7:36:50 AM
to Pac4j users mailing list
Hey
I am getting a JWT from GoogleOidcClient and fetching it using commonprofile.getAttribute("id_token").
When I try to validate the token like this:
jwtAuthenticator.addSignatureConfiguration(new RSASignatureConfiguration(rsa));
CommonProfile token = jwtAuthenticator.validateToken(token);
I am getting the below error.
org.pac4j.core.exception.CredentialsException: JWT verification failed

Can you please let me know the reason why it is happening?

Thanks & Regards
Parth

Jérôme LELEU

Jun 3, 2021, 4:42:30 AM
to Parth Panchal, Pac4j users mailing list
Hi,

Indeed, the id_token is a JWT and you should be able to validate it.
You certainly don't have the right configuration: how did you get the public key from Google to validate the id_token?
Thanks.
Best regards,
Jérôme



Jérôme LELEU

Jun 3, 2021, 5:36:12 AM
to Parth Panchal, Pac4j users mailing list
Hi,

Indeed, this looks good to me. It's an RSA key, not a secret.
What do you see for the header using jwt.io?
Thanks.
Best regards,
Jérôme



On Thu, Jun 3, 2021 at 11:05, Parth Panchal <parth....@deuexsolutions.com> wrote:
Hi,

I am fetching the public key from "https://www.googleapis.com/oauth2/v3/certs".
I am adding the RSA key pair by passing the JWK from the above link to JWKHelper.buildRSAKeyPairFromJwk(JwkFromAboveLink).
I am not adding a secret signature configuration since the Google JWKs have keyType = RSA and JWKHelper.buildSecretFromJwk needs keyType "oct". (hope I am correct)
Is it necessary to add SecretSignatureConfiguration? Because I am not getting how to.

Thanks & Regards
Parth

Jérôme LELEU

Jun 4, 2021, 1:51:55 AM
to Parth Panchal, Pac4j users mailing list
Hi,

OK. Can you privately send me an id_token so I can test?
Thanks.
Best regards,
Jérôme


On Thu, Jun 3, 2021 at 12:44, Parth Panchal <parth....@deuexsolutions.com> wrote:
Hi,

When I use debug mode in IntelliJ

#JwtAuthenticator# | signatureConfigurations: [#RSASignatureConfiguration# | keys: [protected] | algorithm: RS256 |] | encryptionConfigurations: [] | realmName: authentication required | identifierGenerator: null |

I get this as a message for CommonProfile token = jwtAuthenticator.validateToken

and then this -> JWT verification failed: token

Thanks & Regards
Parth

Parth Panchal

Jun 6, 2021, 5:20:55 AM
to Jérôme LELEU, Pac4j users mailing list
Hi,


{
  "alg": "RS256",
  "kid": "1719eb957f6956b5818c1968ff16dff774e708de",
  "typ": "JWT"
}

This is what I get in the header using jwt.io

Thanks & Regards
Parth

On Thu, Jun 3, 2021 at 3:27 PM Parth Panchal <parth....@deuexsolutions.com> wrote:
{
  "alg": "",
  "kid": "",
  "typ": ""
}

These are the fields that I get in the header.


Parth Panchal

Jun 14, 2021, 3:24:03 AM
to Jérôme LELEU, Pac4j users mailing list
Hi, 
I mailed you the JWT.
Is there any update on this?
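
Added example (not part of the thread, and not pac4j's own code): the header posted above carries a kid, and a JWKS document can hold more than one key, so one check worth making is that the key handed to the RSA configuration is the entry whose kid matches the token. It uses the Nimbus JOSE+JWT library directly; the class name, key ids and claims are constructed for illustration, and the thread does not establish that this was the cause of the error.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.List;

public class KidSelectionExample { // hypothetical class name

    /** Verifies an RS256 token against the JWKS entry whose kid matches the token header. */
    static boolean verifyWithMatchingKid(String token, String jwksJson) throws Exception {
        SignedJWT jwt = SignedJWT.parse(token);
        if (!JWSAlgorithm.RS256.equals(jwt.getHeader().getAlgorithm())) {
            return false; // pin the expected algorithm instead of trusting the header
        }
        JWK jwk = JWKSet.parse(jwksJson).getKeyByKeyId(jwt.getHeader().getKeyID());
        if (!(jwk instanceof RSAKey)) {
            return false; // kid not in the set (for example after rotation) or not an RSA key
        }
        // jwk.toJSONString() is the single-key JSON to pass to JWKHelper.buildRSAKeyPairFromJwk(...)
        return jwt.verify(new RSASSAVerifier(((RSAKey) jwk).toRSAPublicKey()));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: two locally generated keys stand in for a provider's JWKS.
        RSAKey keyA = new RSAKeyGenerator(2048).keyID("constructed-kid-a").generate();
        RSAKey keyB = new RSAKeyGenerator(2048).keyID("constructed-kid-b").generate();
        List<JWK> publicKeys = List.of(keyA.toPublicJWK(), keyB.toPublicJWK());
        String jwksJson = new JWKSet(publicKeys).toString();

        // Constructed token signed with the second key, with its kid in the header.
        SignedJWT jwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(keyB.getKeyID()).build(),
                new JWTClaimsSet.Builder().subject("constructed-user").build());
        jwt.sign(new RSASSASigner(keyB));
        String token = jwt.serialize();

        // Taking the first key of the set without looking at kid picks the wrong key here.
        boolean firstKey = SignedJWT.parse(token).verify(new RSASSAVerifier(keyA.toRSAPublicKey()));
        System.out.println("verified with first key in set: " + firstKey);
        System.out.println("verified with key matched by kid: " + verifyWithMatchingKid(token, jwksJson));
    }
}
```

Signature verification is only one step for an id_token; the iss, aud and exp claims still need to be checked.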