不支持算法 - Gentics Mesh 中的 OAuth

Question

I'm using the new OAuth support in Gentics Mesh, but getting an exception -我在 Gentics Mesh 中使用新的 OAuth 支持，但出现异常 -

ecms-mesh-server     | 23:57:42.312 [] INFO  [vert.x-eventloop-thread-4] [i.v.e.w.h.i.LoggerHandlerImpl] - 192.168.16.4 - GET /api/v2/auth/me HTTP/1.1 200 587 - 7 ms
ecms-mesh-server     | 23:58:09.374 [] DEBUG [vert.x-eventloop-thread-4] [c.g.m.a.p.MeshJWTAuthProvider] - Could not authenticate token.
ecms-mesh-server     | java.lang.RuntimeException: Algorithm not supported
ecms-mesh-server     |  at io.vertx.ext.jwt.JWT.decode(JWT.java:280)
ecms-mesh-server     |  at io.vertx.ext.auth.jwt.impl.JWTAuthProviderImpl.authenticate(JWTAuthProviderImpl.java:122)
ecms-mesh-server     |  at com.gentics.mesh.auth.provider.MeshJWTAuthProvider.authenticateJWT(MeshJWTAuthProvider.java:90)
ecms-mesh-server     |  at com.gentics.mesh.auth.handler.MeshJWTAuthHandler.handleJWTAuth(MeshJWTAuthHandler.java:152)
ecms-mesh-server     |  at com.gentics.mesh.auth.handler.MeshJWTAuthHandler.handle(MeshJWTAuthHandler.java:89)
ecms-mesh-server     |  at com.gentics.mesh.auth.MeshAuthChain.lambda$secure$0(MeshAuthChain.java:40)
ecms-mesh-server     |  at io.vertx.ext.web.impl.RouteImpl.handleContext(RouteImpl.java:231)

I'm running the server in docker, with a Spring Boot Gateway in front, using the Token Relay Filter.我在 docker 中运行服务器，前面有一个 Spring 引导网关，使用令牌中继过滤器。

I can access Mesh through the gateway fine, if I'm anonymous or authenticated by Mesh.如果我是匿名的或由 Mesh 认证，我可以通过网关很好地访问 Mesh。
But if I authenticate with Okta, and the gateway passes my token to Mesh, I get the exception...但是，如果我使用 Okta 进行身份验证，并且网关将我的令牌传递给 Mesh，我会得到异常......

I've added a file /config/public-keys.json with the contents of my Okta public keys.我添加了一个文件/config/public-keys.json ，其中包含我的 Okta 公钥的内容。

Update:更新：
I can confirm in the logs that my public keys are being picked up, because the debug output matches my /config/public-keys.json contents.我可以在日志中确认我的公钥正在被提取，因为调试 output 与我的/config/public-keys.json内容匹配。

ecms-mesh-server     | 00:19:55.101 [] DEBUG [vert.x-eventloop-thread-0] [c.g.m.a.MeshOAuth2ServiceImpl] - {
ecms-mesh-server     |   "kty" : "RSA",
ecms-mesh-server     |   "alg" : "RS256",
ecms-mesh-server     |   "kid" : "u13712iLhUmkpeREecKaQhPvZvuImdNVWGJwAmgU-SM",
ecms-mesh-server     |   "use" : "sig",
ecms-mesh-server     |   "e" : "AQAB",
ecms-mesh-server     |   "n" : "vw5G7FUjegmT_BybIfgDWr..."
ecms-mesh-server     | }
ecms-mesh-server     | 00:19:55.101 [] DEBUG [vert.x-eventloop-thread-0] [c.g.m.a.MeshOAuth2ServiceImpl] - {
ecms-mesh-server     |   "kty" : "RSA",
ecms-mesh-server     |   "alg" : "RS256",
ecms-mesh-server     |   "kid" : "DzmghgcUAcXhxL-LeF3qJqefqeQpHR4BSHUoSY7m3FU",
ecms-mesh-server     |   "use" : "sig",
ecms-mesh-server     |   "e" : "AQAB",
ecms-mesh-server     |   "n" : "4yosHHYoEW6wqqOso5qfDONqLw2MK..."
ecms-mesh-server     | }
ecms-mesh-server     | 00:19:55.102 [] DEBUG [vert.x-eventloop-thread-0] [c.g.m.a.AuthHandlerContainer] - Keys changed. Creating a new auth handler to be used.

Answer 1

I noticed the token's "kid" parameter in the header, did not have a matching "kid" in the public key list.我注意到 header 中令牌的“kid”参数，在公钥列表中没有匹配的“kid”。 I was using the wrong authorization servers JWKs... wow.我使用了错误的授权服务器 JWK...哇。 Heh.呵呵。

I had this - https://dev-xxxxxx.okta.com/oauth2/v1/keys我有这个 - https://dev-xxxxxx.okta.com/oauth2/v1/keys

When it should have been this - https://dev-xxxxxx.okta.com/oauth2/default/v1/keys什么时候应该是这个 - https://dev-xxxxxx.okta.com/oauth2/default/v1/keys

Hope this helps someone else.希望这对其他人有帮助。

不支持算法 - Gentics Mesh 中的 OAuth

问题描述

1 个解决方案

解决方案1
1 已采纳 2019-10-16 05:46:10

不支持算法 - Gentics Mesh 中的 OAuth

问题描述

1 个解决方案

解决方案1 1 已采纳 2019-10-16 05:46:10

解决方案1
1 已采纳 2019-10-16 05:46:10