Angular-oauth2-oidc: JWKs fields are null at validation

Created on 5 Sep 2017  路  5Comments  路  Source: manfredsteyer/angular-oauth2-oidc

_Full disclosure_
_This might not be an issue and/or just me not knowing how to use the library correctly :)
So thank you for your help ahead of time!_

So after logging in, I get the token back from the parameters by invoking the TryLogin method but it fails at validation time with an error: Parameter jwks expected! (see image below)

image

When I inspect the params object, I can effectively see that the jwks field is empty

image

However, I do see in the token header the fields corresponding to the jwks from where the public key can be composed. Maybe I'm wrong?

Additionally, I understand that by convention, the jwks fields can also be obtained from the
http://localhost:5000/.well-known/openid-configuration end point which it does give me the jwks when hitting it:

image

Am I missing an important step? Any help would be appreciated :)

picture dustingallegos

Most helpful comment

Oh, when its IdSvr4 then the discovery document should be fine.

Do you call tryLogin after loadDiscoveryDocument, e. g. within the then-block?

    this.oauthService.loadDiscoveryDocument().then((doc) => {
      this.oauthService.tryLogin();
    });

I'm aksing b/c otherwise tryLogin could be called before the config data arrived.

Are there warning or error messages on the javascript console?

When happens, when you add the following code, when setting up the lib?

this.oauthService.events.subscribe(e => {
    console.debug('oauth/oidc event', e);
})

When does this write to the console?

picture manfredsteyer on 8 Sep 2017
👍52

All 5 comments

Thx for this info.
Which Identity-Solution do you use?
Can you send me your discovery document and the document with the keys (jwks)?

manfredsteyer picture manfredsteyer on 6 Sep 2017

No problem.
Identity Server 4, which has an standard Oauth 2.0 generated discovery document. More information here -> http://docs.identityserver.io/en/release/topics/discovery.html?highlight=discovery%20document
Besides that, I'm not sure what I can send you.. perhaps the text itself shown in the page?
Let me know - Thanks a lot!

dustingallegos picture dustingallegos on 7 Sep 2017

Oh, when its IdSvr4 then the discovery document should be fine.

Do you call tryLogin after loadDiscoveryDocument, e. g. within the then-block?

    this.oauthService.loadDiscoveryDocument().then((doc) => {
      this.oauthService.tryLogin();
    });

I'm aksing b/c otherwise tryLogin could be called before the config data arrived.

Are there warning or error messages on the javascript console?

When happens, when you add the following code, when setting up the lib?

this.oauthService.events.subscribe(e => {
    console.debug('oauth/oidc event', e);
})

When does this write to the console?

manfredsteyer picture manfredsteyer on 8 Sep 2017
👍52

using the tryLogin() inside the loadDiscoveryDocument() did the trick!
Thanks a lot for responding quickly! :)

dustingallegos picture dustingallegos on 8 Sep 2017

I am getting the same error... but in my case, I'm using the okta server as suggested by the example. I've just changed the clientId and the root URL (https://dev-{MY_ID_HERE}.oktapreview.com)... Did I forget anything?

felipecaparelli picture felipecaparelli on 5 Mar 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Swissbite picture Swissbite  路  4Comments
zulander1 picture zulander1  路  4Comments
godhar picture godhar  路  3Comments
medokin picture medokin  路  4Comments
grzegorz-skowronski picture grzegorz-skowronski  路  3Comments