You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
can anybody help me using OAUTH 20 module in Apache 2.4 please?
( i know there is a successor module oauth2 but i dont know how to install it by not interfering existing rpm installations)
when i use the module openid-connect everything is fine.
when i want to login using a bearer token then i have to change the module to OAUTH20
There also: everything works fine without masses of configuration needed - except the JWT token validation.
I see in apache log:
oidc_http_request: response={"keys":[{"kty":"RSA","use":"sig","kid":" .... }
oidc_proto_jwks_key_get: search for kid "3PaK..." or "thumbprint x5t "3PaK..."
oidc_proto_jwks_key_get: found matching kid: "3PaK..."
oidc_proto_jwks_uri_keys: returning 1 key(s) obtained from the (possibly cached) JWKs URI
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello community,
can anybody help me using OAUTH 20 module in Apache 2.4 please?
( i know there is a successor module oauth2 but i dont know how to install it by not interfering existing rpm installations)
when i use the module openid-connect everything is fine.
when i want to login using a bearer token then i have to change the module to OAUTH20
There also: everything works fine without masses of configuration needed - except the JWT token validation.
My JWKs URI is set to https://login.microsoftonline.com/ -mytenantguid- /discovery/v2.0/keys
I see in apache log:
oidc_http_request: response={"keys":[{"kty":"RSA","use":"sig","kid":" .... }
oidc_proto_jwks_key_get: search for kid "3PaK..." or "thumbprint x5t "3PaK..."
oidc_proto_jwks_key_get: found matching kid: "3PaK..."
oidc_proto_jwks_uri_keys: returning 1 key(s) obtained from the (possibly cached) JWKs URI
and then the next line stops my OAUTH login :
oidc_proto_jwt_verify: JWT signature verification failed: [src/jose.c:1221: oidc_jwt_verify]: cjose_jws_verify failed: error:02000068:rsa routines::bad signature [file: jws.c, function: _cjose_jws_verify_sig_rs, line: 955]
i use SLES 15 SP4 apache2-mod_auth_openidc-2.3.8
then i upgraded to
SLES 15 SP6 apache2-mod_auth_openidc-2.4.16.3 (using an additional apache build service repository (https://build.opensuse.org/repositories/Apache:Modules/apache2-mod_auth_openidc)
But on both versions i have the same behaviour.
I've read that the error:02000068:rsa routines::bad signature ... has something to do with OPENSSL_ia32cap but i don't know further.
Can anybody help me verifying the JWT token?
Thank you
Andy
Beta Was this translation helpful? Give feedback.
All reactions