Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

This request object uses unsupported signing algorithm "EdDSA" #1191

Open
4 of 5 tasks
taisph opened this issue Oct 2, 2024 · 0 comments · May be fixed by #1203
Open
4 of 5 tasks

This request object uses unsupported signing algorithm "EdDSA" #1191

taisph opened this issue Oct 2, 2024 · 0 comments · May be fixed by #1203
Labels
bug Something is not working.

Comments

@taisph
Copy link

taisph commented Oct 2, 2024

Preflight checklist

Ory Network Project

No response

Describe the bug

Attempting to use the JWT authenticator results in an "This request object uses unsupported signing algorithm "EdDSA"." error, yet oathkeeper credentials generator has no issues generating using the EdDSA algorithm, eg. oathkeeper credentials generate --alg EdDSA

Reproducing the bug

  1. Setup a JWT authenticator in config and add a rule using the jwt handler.
    authenticators:
      jwt:
        enabled: true
        config:
          jwks_urls:
            - http://localhost:4456/.well-known/jwks.json
          allowed_algorithms:
            - EdDSA
  1. Use a JWT signed with the EdDSA algorithm as a bearer token with the /decisions endpoint.

Relevant log output

id=
rid=
error=The request was malformed or contained invalid parameters
reason=This request object uses unsupported signing algorithm "EdDSA".
details=map[]
debug=

github.com/ory/oathkeeper/credentials.(*VerifierDefault).Verify.func1
    /project/credentials/verifier_default.go:81
github.com/golang-jwt/jwt/v4.(*Parser).ParseWithClaims
    /go/pkg/mod/github.com/golang-jwt/jwt/[email protected]/parser.go:80
github.com/golang-jwt/jwt/v4.ParseWithClaims
    /go/pkg/mod/github.com/golang-jwt/jwt/[email protected]/token.go:108
github.com/ory/oathkeeper/credentials.(*VerifierDefault).Verify
    /project/credentials/verifier_default.go:42
github.com/ory/oathkeeper/pipeline/authn.(*AuthenticatorJWT).Authenticate
    /project/pipeline/authn/authenticator_jwt.go:107
github.com/ory/oathkeeper/proxy.(*requestHandler).HandleRequest
    /project/proxy/request_handler.go:205
github.com/ory/oathkeeper/api.(*DecisionHandler).decisions
    /project/api/decision.go:96
github.com/ory/oathkeeper/api.(*DecisionHandler).ServeHTTP
    /project/api/decision.go:50
github.com/urfave/negroni.middleware.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38
github.com/ory/oathkeeper/cmd/server.runAPI.func1.ContextualizedMiddleware.func3
    /go/pkg/mod/github.com/ory/[email protected]/corsx/middleware.go:28
github.com/urfave/negroni.HandlerFunc.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29
github.com/urfave/negroni.middleware.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38
github.com/ory/x/reqlog.(*Middleware).ServeHTTP
    /go/pkg/mod/github.com/ory/[email protected]/reqlog/middleware.go:142
github.com/urfave/negroni.middleware.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38
github.com/ory/oathkeeper/metrics.(*Middleware).ServeHTTP
    /project/metrics/middleware.go:103
github.com/urfave/negroni.middleware.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38
github.com/ory/x/metricsx.(*Service).ServeHTTP
    /go/pkg/mod/github.com/ory/[email protected]/metricsx/middleware.go:272
github.com/urfave/negroni.middleware.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38
github.com/urfave/negroni.(*Negroni).ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp.(*middleware).serveHTTP
    /go/pkg/mod/go.opentelemetry.io/contrib/instrumentation/net/http/[email protected]/handler.go:217
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp.NewMiddleware.func1.1
    /go/pkg/mod/go.opentelemetry.io/contrib/instrumentation/net/http/[email protected]/handler.go:81
net/http.HandlerFunc.ServeHTTP
    /usr/local/go/src/net/http/server.go:2136
net/http.serverHandler.ServeHTTP
    /usr/local/go/src/net/http/server.go:2938
net/http.(*conn).serve
    /usr/local/go/src/net/http/server.go:2009
runtime.goexit
    /usr/local/go/src/runtime/asm_amd64.s:1650

Relevant configuration

No response

Version

0.40.7

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes

Additional Context

Might be related to #691.

@taisph taisph added the bug Something is not working. label Oct 2, 2024
taisph added a commit to taisph/oathkeeper that referenced this issue Nov 29, 2024
@taisph taisph linked a pull request Nov 29, 2024 that will close this issue
taisph added a commit to taisph/oathkeeper that referenced this issue Nov 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something is not working.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant