You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Returning keys from the function passed in for getKeysInterceptor is causing a type error.
2022-04-04T17:52:04.682Z dea71b6b-1398-4763-bf96-27c05e628c64 INFO Error while verifying the token TypeError: jwks must be a JSON Web Key Set formatted object
at Object.asKeyStore (/var/task/node_modules/jose/lib/jwks/keystore.js:166:11)
at retrieveSigningKeys (/var/task/node_modules/jwks-rsa/src/utils.js:4:30)
at JwksClient.<anonymous> (/var/task/node_modules/jwks-rsa/src/wrappers/interceptor.js:15:21)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async /var/task/node_modules/jwks-rsa/src/wrappers/rateLimit.js:24:23
The keys in question are fetched via getSigningKey, direct from auth0.
What was the expected behavior?
Loaded keys should work without an error.
Reproduction
Assuming the following code (in a Lambda authorizer):
Keep the client loaded or disable cache so the client tries to use the interceptor
Make another call to get the same signing key
Environment
Version of this library used: v2.0.4
Which framework are you using, if applicable: AWS Lambda, in particular this is used in a token authorizer
Other modules/plugins/libraries that might be involved:
Any other relevant information you think would be useful: I suspect this is because the type used in [SDK-2626] getKeysInterceptor types #251 isn't complete enough. The code that actually throws an error is expecting a SigningKey but JSONWebKey lacks the method, getPublicKey so trips the error
The text was updated successfully, but these errors were encountered:
The return value of getSigningKey is not a JSON Web Key Set, so what you're caching is a SigningKey not a JWKS.
getKeysInterceptor expects you to return a JWKS, so when you restore the cache and return a SigningKey, you will get "Error while verifying the token TypeError: jwks must be a JSON Web Key Set formatted object"
Your code probably works the first time when the cache is empty, then fails when the cache is being restored.
If you want to cache the JWKS in a file system you'll need to fetch it yourself and save it in the interceptor, eg
asyncfunctionloadKeys(jwksUri,cacheDir=KEY_FILE_CACHE){try{if(fs.existsSync(cacheDir)){// load JWKS from cache}}catch(e){console.debug(`Problem reading keys from disk cache, ${e}`);}constjwks=awaitrequest(jwksUri);cacheKeys(jwks);returnjwks;}
Describe the problem
Returning keys from the function passed in for
getKeysInterceptor
is causing a type error.The keys in question are fetched via
getSigningKey
, direct from auth0.What was the expected behavior?
Loaded keys should work without an error.
Reproduction
Assuming the following code (in a Lambda authorizer):
Environment
SigningKey
butJSONWebKey
lacks the method,getPublicKey
so trips the errorThe text was updated successfully, but these errors were encountered: