Comments (8)
@kristof-mattei Yeah, I tested #188 and it worked.
from doorkeeper-openid_connect.
Released with 1.8.5
from doorkeeper-openid_connect.
And with 1.8.3 it works? Could be related to #177 ?
from doorkeeper-openid_connect.
And with 1.8.3 it works? Could be related to #177 ?
Yes, it works with 1.8.3. Downgrading back to that version fixes the issue.
Yes, it looks related to #177. The comment here appears to be accurate. Our application does rely on json-jwt
so would need to migrate to using ruby-jwt
like you have in the project to try and resolve the issue.
from doorkeeper-openid_connect.
Yeah so to fix it there are two ways:
- Migrate to the new gem
- Fix doorkeeper-openid_connect to support both gems (maybe @kristof-mattei will want to check)
from doorkeeper-openid_connect.
I have the exact same issue but my project does not rely on json-jwt
at all, it's not even in my Gemfile.lock.
Started GET "/oauth/discovery/keys" for 172.18.0.1 at 2023-02-01 19:33:53 +0000
Processing by Doorkeeper::OpenidConnect::DiscoveryController#keys as */*
Completed 500 Internal Server Error in 1ms (ActiveRecord: 0.0ms | Allocations: 152)
NameError (uninitialized constant Doorkeeper::JWT::JWK):
doorkeeper-openid_connect (1.8.4) lib/doorkeeper/openid_connect.rb:51:in `signing_key'
doorkeeper-openid_connect (1.8.4) lib/doorkeeper/openid_connect.rb:55:in `signing_key_normalized'
doorkeeper-openid_connect (1.8.4) app/controllers/doorkeeper/openid_connect/discovery_controller.rb:105:in `keys_response'
In my Gemfile I have:
gem 'doorkeeper'
gem 'doorkeeper-jwt'
gem 'doorkeeper-openid_connect'
All in the latest version.
Gemfile.lock:
doorkeeper (5.6.4)
railties (>= 5)
doorkeeper-jwt (0.4.1)
jwt (>= 2.1)
doorkeeper-openid_connect (1.8.4)
doorkeeper (>= 5.5, < 5.7)
jwt (>= 2.5)
oauth2 (2.0.9)
faraday (>= 0.17.3, < 3.0)
jwt (>= 1.0, < 3.0)
...
jwt (2.6.0)
When I try to access the JWT::JWK
class in the Rails console it works:
irb(main):004:0> JWT::JWK
=> JWT::JWK
irb(main):005:0> JWT::JWK.method(:new)
=> #<Method: JWT::JWK.new(create_from)(key, params=..., options=...) /usr/local/bundle/gems/jwt-2.6.0/lib/jwt/jwk.rb:9>
I'm even using the JWT
gem in my own code and it works there:
config.jwt_jwk = JWT::JWK.new(
pk,
nil,
kid_generator: ::JWT::JWK::Thumbprint
)
I also tried adding jwt
to my Gemfile but same problem.
So the problem only happens inside this gem. Looks like a loading order problem, or something like that.
from doorkeeper-openid_connect.
Found the problem, PR to follow.
from doorkeeper-openid_connect.
@zavan your error is different. When you have the error it is searching for Doorkeeper::JWT::JWK
, which is in correct. I think we can fix your error by prefixing
::
to ensure it doesn't search for JWT
in the same namespace (i.e. Doorkeeper
). This also explains why it works in the console.
Can you try changing that file and confirm if that does the trick?
@brent-cybrid can you post the complete stacktrace? Want to make sure that it is the gem's absence and not something I missed.
@nbulaj I think supporting both is another can of worms, which I find quite risky when it comes to security-related code like this. It's not even like we can specify the model the consumer would like to use, like https://doorkeeper.gitbook.io/guides/configuration/models, as the APIs are actually different. Thoughts?
from doorkeeper-openid_connect.
Related Issues (20)
- Missing credentials param in password_access_token_request.rb HOT 1
- Overriding AuthorizationsController in Development Mode HOT 2
- Can `.well-known/openid-configuration` return an alternate uri for `jwks_uri` HOT 1
- fix issuer {} for `.well-known/openid-configuration` using blocks HOT 1
- Is it possible to configure and use Authentication Context Class References?
- `/.well-known/openid-configuration` crashes when `Doorkeeper.config.allow_token_introspection` is false HOT 1
- Shouldn't controllers inherit `Doorkeeper::ApplicationMetalController`? HOT 1
- Using `root_url` in `#webfinger_response` can violate specification
- `access_grant_class` is broken. HOT 7
- Possible to disable `client_secret_basic` for `token_endpoint_auth_methods_supported`?
- RP-initiated logout post_logout_redirect_uri is not validatable
- Broken with Doorkeeper v5.6.3
- OpenID working with rails app HOT 5
- Support for sessions and session_state HOT 1
- Support multiple devise models
- `kid` value in headers in different format after upgrading from 1.8.3 to 1.8.5 HOT 2
- Missing v1.8.5 tag HOT 2
- NameError: uninitialized constant Doorkeeper::JWT::JWK HOT 6
- kid is different for different versions of doorkeeper-openid_connect HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from doorkeeper-openid_connect.