JWTConnect-Python-OidcRP

oidcmsg.exception.MissingSigningKey

Open peppelinux opened this issue 4 years ago • 0 comments


That's the log:

2021-06-05 15:52:27,643 urllib3.connectionpool DEBUG https://127.0.0.1:8000 "GET /static/jwks.json HTTP/1.1" 404 179
2021-06-05 15:52:27,643 cryptojwt.key_bundle WARNING HTTP status 404 reading remote JWKS from https://127.0.0.1:8000/static/jwks.json
2021-06-05 15:52:27,643 cryptojwt.key_bundle ERROR Key bundle update failed: Remote key update from 'https://127.0.0.1:8000/static/jwks.json' failed, HTTP status 404
2021-06-05 15:52:27,644 oidcrp.service ERROR Got exception while verifying response: alg=RS256
2021-06-05 15:52:27,644 oidcrp.oauth2 ERROR alg=RS256
2021-06-05 15:52:27,644 oidcrp.rp_handler ERROR ['Traceback (most recent call last):\n', '  File "/home/wert/DEV/IdentityPython/OIDC/env/lib/python3.8/site-packages/oidcrp/oauth2/__init__.py", line 156, in service_request\n    response = service.get_response_ext(url, method, body, response_body_type, headers,\n', "AttributeError: 'AccessToken' object has no attribute 'get_response_ext'\n", '\nDuring handling of the above exception, another exception occurred:\n\n', 'Traceback (most recent call last):\n', '  File "/home/wert/DEV/IdentityPython/OIDC/env/lib/python3.8/site-packages/oidcrp/rp_handler.py", line 489, in get_access_token\n    tokenresp = client.do_request(\n', '  File "/home/wert/DEV/IdentityPython/OIDC/env/lib/python3.8/site-packages/oidcrp/oauth2/__init__.py", line 91, in do_request\n    return self.service_request(_srv, response_body_type=response_body_type,\n', '  File "/home/wert/DEV/IdentityPython/OIDC/env/lib/python3.8/site-packages/oidcrp/oauth2/__init__.py", line 159, in service_request\n    response = self.get_response(service, url, method, body, response_body_type, headers,\n', '  File "/home/wert/DEV/IdentityPython/OIDC/env/lib/python3.8/site-packages/oidcrp/oauth2/__init__.py", line 131, in get_response\n    return self.parse_request_response(service, resp,\n', '  File "/home/wert/DEV/IdentityPython/OIDC/env/lib/python3.8/site-packages/oidcrp/oauth2/__init__.py", line 212, in parse_request_response\n    return service.parse_response(reqresp.text, value_type,\n', '  File "/home/wert/DEV/IdentityPython/OIDC/env/lib/python3.8/site-packages/oidcrp/service.py", line 558, in parse_response\n    resp.verify(**vargs)\n', '  File "/home/wert/DEV/IdentityPython/OIDC/env/lib/python3.8/site-packages/oidcmsg/oidc/__init__.py", line 354, in verify\n    if not verify_id_token(self, **kwargs):\n', '  File "/home/wert/DEV/IdentityPython/OIDC/env/lib/python3.8/site-packages/oidcmsg/oidc/__init__.py", line 318, in verify_id_token\n    idt = IdToken().from_jwt(str(msg[claim]), **args)\n', '  File "/home/wert/DEV/IdentityPython/OIDC/env/lib/python3.8/site-packages/oidcmsg/message.py", line 532, in from_jwt\n    raise MissingSigningKey("alg=%s" % _header["alg"])\n', 'oidcmsg.exception.MissingSigningKey: alg=RS256\n']

We know the nature of this exception: the RP cannot fetch the OP's JWKS.

2021-06-05 15:52:27,643 urllib3.connectionpool DEBUG https://127.0.0.1:8000 "GET /static/jwks.json HTTP/1.1" 404 179
2021-06-05 15:52:27,643 cryptojwt.key_bundle WARNING HTTP status 404 reading remote JWKS from 

But I believe that's something that must be improved for UX; they have to understand what's going wrong without being Python developers :)

When the error occurs we must show the user a clear error message about the cause.

peppelinux, Jun 05 '21 13:06
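One way to surface the cause this issue asks for while still rejecting the token, as an added example that is not oidcrp, oidcmsg or cryptojwt code: `SigningKeyUnavailable`, `load_jwks`, `jwt_header` and `signing_key_for` are hypothetical names, the HTTP status and body are passed in so the sketch runs offline, and the sample token is constructed.

```python
import base64
import json

class SigningKeyUnavailable(Exception):
    """Hypothetical error type: no usable provider key, with a readable cause."""

KTY_FOR_ALG = {"RS": "RSA", "PS": "RSA", "ES": "EC", "Ed": "OKP"}  # alg prefix -> kty
JWKS_URI = "https://127.0.0.1:8000/static/jwks.json"  # URL from the log above
# Constructed sample: token skeleton whose header asks for RS256 (not a real token).
SAMPLE_TOKEN = base64.urlsafe_b64encode(
    b'{"alg":"RS256","kid":"k1"}').decode().rstrip("=") + ".e30.c2ln"

def load_jwks(jwks_uri, status, body):
    """Return the key list from a JWKS HTTP response, or raise naming the cause."""
    if status != 200:
        raise SigningKeyUnavailable(
            f"Could not download the provider's signing keys: {jwks_uri} "
            f"answered HTTP {status}. Check the jwks_uri the provider publishes.")
    try:
        keys = json.loads(body)["keys"]
        if not isinstance(keys, list):
            raise TypeError("'keys' is not a list")
    except (ValueError, KeyError, TypeError):
        raise SigningKeyUnavailable(
            f"{jwks_uri} did not return a JWKS document with a 'keys' list.")
    return [k for k in keys if isinstance(k, dict)]

def jwt_header(token):
    """Decode the unverified JOSE header; it is used only to choose a key."""
    segment = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def signing_key_for(token, jwks_uri, status, body):
    """Pick the JWK for an ID token; raise (fail closed) whenever none fits."""
    keys = load_jwks(jwks_uri, status, body)
    header = jwt_header(token)
    alg, kid = str(header.get("alg", "")), header.get("kid")
    kty = KTY_FOR_ALG.get(alg[:2])
    if kty is None:  # covers alg=none and symmetric (HS*) algs: no JWKS key applies
        raise SigningKeyUnavailable(f"alg={alg} cannot be verified with a JWKS key.")
    for key in keys:
        if (key.get("kty") == kty and key.get("use", "sig") == "sig"
                and (kid is None or key.get("kid") == kid)):
            return key
    raise SigningKeyUnavailable(
        f"The ID token is signed with alg={alg}, kid={kid}, but {jwks_uri} "
        f"publishes no matching signing key.")
```

Every failure path raises, so a clearer message never turns into accepting an ID token whose signature could not be checked.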