Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Quarkus fails to report a correct exception when conflicting authentication mechanisms are used (was Quarkus: can't verify Auth0 token) #19051

Closed
cogniocode opened this issue Jul 28, 2021 · 11 comments · Fixed by #19100
Closed

Quarkus fails to report a correct exception when conflicting authentication mechanisms are used (was Quarkus: can't verify Auth0 token) #19051

cogniocode opened this issue Jul 28, 2021 · 11 comments · Fixed by #19100
Labels
area/oidc area/security kind/bug Something isn't working
Milestone
2.1.1.Final

Comments

@cogniocode
Copy link

Describe the bug

I have the following OIDC configuration:

quarkus.oidc.auth-server-url=https://cognio.eu.auth0.com
quarkus.oidc.client-id=<redacted>
quarkus.oidc.credentials.secret=<redacted>
quarkus.oidc.token.audience=<redacted>
quarkus.oidc.authentication.scopes=openid,profile,email

quarkus.http.auth.permission.authenticated.paths=/*
quarkus.http.auth.permission.authenticated.policy=authenticated

While trying to access any endpoint with a valid access token I receive following response:

HTTP/1.1 401 Unauthorized
www-authenticate: Bearer
content-length: 0

If logging level is set to DEBUG the following stack trace is printed:

2021-07-28 14:47:08,037 DEBUG [io.sma.jwt.aut.principal] (vert.x-eventloop-thread-7) SRJWT08019: AuthContextInfo is: JWTAuthContextInfo{publicVerificationKey=null, secretVerificationKey=null, privateDecryptionKey=null, secretDecryptionKey=null, issuedBy='null', expGracePeriodSecs=60, maxTimeToLiveSecs=null, publicKeyLocation='null', publicKeyContent='null', decryptionKeyLocation='null', decryptionKeyContent='null', jwksRefreshInterval=60, tokenHeader='Authorization', tokenCookie='null', alwaysCheckAuthorization=false, tokenKeyId='null', tokenDecryptionKeyId='null', tokenSchemes=[Bearer], requireNamedPrincipal=true, defaultSubClaim='null', subPath='null', defaultGroupsClaim='null', groupsPath='null', signatureAlgorithm=RS256, keyEncryptionAlgorithm=RSA_OAEP, keyFormat=ANY, expectedAudience=null, groupsSeparator=' ', relaxVerificationKeyValidation=true, verifyCertificateThumbprint=false}
2021-07-28 14:47:08,040 DEBUG [io.sma.jwt.aut.principal] (vert.x-eventloop-thread-7) SRJWT08005: Verification key is unresolvable
2021-07-28 14:47:08,040 DEBUG [io.qua.sma.jwt.run.aut.MpJwtValidator] (vert.x-eventloop-thread-7) Authentication failed: io.smallrye.jwt.auth.principal.ParseException: SRJWT07000: Failed to verify a token
	at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parseClaims(DefaultJWTTokenParser.java:164)
	at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parse(DefaultJWTTokenParser.java:56)
	at io.smallrye.jwt.auth.principal.DefaultJWTCallerPrincipalFactory.parse(DefaultJWTCallerPrincipalFactory.java:31)
	at io.smallrye.jwt.auth.principal.DefaultJWTParser.parse(DefaultJWTParser.java:60)
	at io.smallrye.jwt.auth.principal.DefaultJWTParser_Subclass.parse$$superforward1(DefaultJWTParser_Subclass.zig:517)
	at io.smallrye.jwt.auth.principal.DefaultJWTParser_Subclass$$function$$6.apply(DefaultJWTParser_Subclass$$function$$6.zig:33)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:54)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor.proceed(InvocationInterceptor.java:62)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor.monitor(InvocationInterceptor.java:51)
	at io.quarkus.arc.runtime.devconsole.InvocationInterceptor_Bean.intercept(InvocationInterceptor_Bean.zig:521)
	at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:41)
	at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:41)
	at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:32)
	at io.smallrye.jwt.auth.principal.DefaultJWTParser_Subclass.parse(DefaultJWTParser_Subclass.zig:1180)
	at io.smallrye.jwt.auth.principal.DefaultJWTParser_ClientProxy.parse(DefaultJWTParser_ClientProxy.zig:298)
	at io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator$1.accept(MpJwtValidator.java:53)
	at io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator$1.accept(MpJwtValidator.java:49)
	at io.smallrye.context.impl.wrappers.SlowContextualConsumer.accept(SlowContextualConsumer.java:21)
	at io.smallrye.mutiny.operators.uni.builders.UniCreateWithEmitter.subscribe(UniCreateWithEmitter.java:22)
	at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
	at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni.subscribe(UniOnItemTransformToUni.java:25)
	at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
	at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni.subscribe(UniOnItemTransformToUni.java:25)
	at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
	at io.smallrye.mutiny.operators.uni.UniMemoizeOp.subscribe(UniMemoizeOp.java:76)
	at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
	at io.smallrye.mutiny.groups.UniSubscribe.withSubscriber(UniSubscribe.java:50)
	at io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder$2.handle(HttpSecurityRecorder.java:104)
	at io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder$2.handle(HttpSecurityRecorder.java:51)
	at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1127)
	at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:151)
	at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:133)
	at io.quarkus.vertx.http.runtime.devmode.VertxHttpHotReplacementSetup$3.handle(VertxHttpHotReplacementSetup.java:88)
	at io.quarkus.vertx.http.runtime.devmode.VertxHttpHotReplacementSetup$3.handle(VertxHttpHotReplacementSetup.java:77)
	at io.vertx.core.impl.future.FutureImpl$3.onSuccess(FutureImpl.java:124)
	at io.vertx.core.impl.future.FutureBase.lambda$emitSuccess$0(FutureBase.java:54)
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:500)
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.jose4j.lang.UnresolvableKeyException: SRJWT07003: Failed to load a key from null
	at io.smallrye.jwt.auth.principal.AbstractKeyLocationResolver.reportLoadKeyException(AbstractKeyLocationResolver.java:180)
	at io.smallrye.jwt.auth.principal.KeyLocationResolver.<init>(KeyLocationResolver.java:47)
	at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.getVerificationKeyResolver(DefaultJWTTokenParser.java:236)
	at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parseClaims(DefaultJWTTokenParser.java:99)
	... 42 more
Caused by: java.lang.NullPointerException
	at io.smallrye.jwt.util.ResourceUtils.getResourceStream(ResourceUtils.java:68)
	at io.smallrye.jwt.util.ResourceUtils.readResource(ResourceUtils.java:44)
	at io.smallrye.jwt.auth.principal.AbstractKeyLocationResolver.readKeyContent(AbstractKeyLocationResolver.java:131)
	at io.smallrye.jwt.auth.principal.KeyLocationResolver.initializeKeyContent(KeyLocationResolver.java:95)
	at io.smallrye.jwt.auth.principal.KeyLocationResolver.<init>(KeyLocationResolver.java:45)
	... 44 more

Expected behavior

Quarkus should successfully verify token and give access to endpoint.

Actual behavior

Quarkus throws exception.

How to Reproduce?

Steps to reproduce:

  1. Create free Auth0 tenant.
  2. Create new API application with RSA256 signing algorithm.
  3. Add http://localhost:8080/ to allowed callback URLs for the API application.
  4. Rewrite redacted values from configuration with the corresponding API application properties.
  5. Start service.

Output of uname -a or ver

No response

Output of java -version

11.0.12

GraalVM version (if different from Java)

No response

Quarkus version or git rev

2.0.3.Final

Build tool (ie. output of mvnw --version or gradlew --version)

Apache Maven 3.8.1 (05c21c65bdfed0f71a2f2ada8b84da59348c4c5d)

Additional information

No response
@cogniocode cogniocode added the kind/bug Something isn't working label Jul 28, 2021
@sberyozkin
Copy link
Member

Hi @cogniocode I've been testing Auth0 JWT tokens recently and had no problems verifying it with quarkus-oidc.
Auth0 can also produce binary tokens and since it does not have an introspection endpoint such tokens can not be verified.
However the stack trace suggests you are in fact using quarkus-smallrye-jwt with an incomplete setup - can you provide a reproducer please ? Or provide more information here ?

thanks

@sberyozkin
Copy link
Member

@cogniocode And also, please confirm the token which is being sent is a JWT token (you can copy and paste it here if it is a test one or check if it has 3 parts separated by 2 dots - paste it into jwt.io and see if it can be decoded)

@cogniocode
Copy link
Author

Hi @sberyozkin, thanks for your time.

I would love to provide reproducer, if you can tell how to create one :D

Here is the token I'm using:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Iks2Rm5XVVJia2JUWWI2YkU5djJoZSJ9.eyJpc3MiOiJodHRwczovL2NvZ25pby5ldS5hdXRoMC5jb20vIiwic3ViIjoibEt3dHdKd1laN3BlRkJIWG9ONFF1OTlJTVcwVGE5eU5AY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vY2duby5saW5rIiwiaWF0IjoxNjI3NDY2MTc2LCJleHAiOjE2Mjc1NTI1NzYsImF6cCI6ImxLd3R3SndZWjdwZUZCSFhvTjRRdTk5SU1XMFRhOXlOIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.EKY67ZuiQnr5-6wHfnXmVXaLK4ppfktxAhjKbEuOhSvxXSvFWHdGIkxNa12K4SFRjpRXP1uwELfkvJlCidsILCb7aLFsbZjZrrUddzADIzg7TpIJtHNZ1QncTbYi2jyFiV7QqU3puXfIBA_V8wkejPOV5ILeWEltWKy2EjkPyC-1o7lqK9aIGXaL6qZMbFKfWbGgV1WNzV9xR1Lg5sFQu20oELf9IFtyRvDDanbj40jpU7ULlLZY1yZR7A7w6R5pfXVe_M_H0SfR5zvuZOOd0pWFGVLqJzjQm0ujkFohGKbX2t0rHd60hZO-iRv1owe06Iyu3yef9RiRnHOOybcTBw

@sberyozkin
Copy link
Member

sberyozkin commented Jul 28, 2021
edited
Loading

@cogniocode Np, this is a JWT token and should be easily verifiable with both quarkus-smallrye-jwt and quarkus-oidc.

The question is how is this stack trace produced - it is not quarkus-oidc code but quarkus-smallrye-jwt so I'd like to see the configuration which is causing it. It appears that a local key is referenced somehow using smallrye-jwt properties.

You can create a reproducer by in Github or copy the relevant config here

@cogniocode
Copy link
Author

The issue was resolved after I have deleted from pom.xml following dependency:

<dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-smallrye-jwt</artifactId>
</dependency>

I suppose quarkus-oidc and quarkus-smallrye-jwt conflict somehow resulting in that error. Is this the intended behaviour?
My full pom.xml is like that:

<?xml version="1.0"?>
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <modelVersion>4.0.0</modelVersion>
  <groupId>dev.cognio.link</groupId>
  <artifactId>link</artifactId>
  <version>1.0.0-SNAPSHOT</version>
  <properties>
    <compiler-plugin.version>3.8.1</compiler-plugin.version>
    <maven.compiler.parameters>true</maven.compiler.parameters>
    <maven.compiler.source>11</maven.compiler.source>
    <maven.compiler.target>11</maven.compiler.target>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <quarkus.platform.artifact-id>quarkus-universe-bom</quarkus.platform.artifact-id>
    <quarkus.platform.group-id>io.quarkus</quarkus.platform.group-id>
    <quarkus.platform.version>2.0.3.Final</quarkus.platform.version>
    <surefire-plugin.version>3.0.0-M5</surefire-plugin.version>
  </properties>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>${quarkus.platform.group-id}</groupId>
        <artifactId>${quarkus.platform.artifact-id}</artifactId>
        <version>${quarkus.platform.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-hibernate-orm</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-hibernate-validator</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-smallrye-openapi</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-oidc</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-hibernate-orm-panache</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-resteasy</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-resteasy-jackson</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-smallrye-jwt</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-jdbc-postgresql</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-arc</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-junit5</artifactId>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>io.rest-assured</groupId>
      <artifactId>rest-assured</artifactId>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.modelmapper</groupId>
      <artifactId>modelmapper</artifactId>
      <version>2.4.2</version>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <groupId>${quarkus.platform.group-id}</groupId>
        <artifactId>quarkus-maven-plugin</artifactId>
        <version>${quarkus.platform.version}</version>
        <extensions>true</extensions>
        <executions>
          <execution>
            <goals>
              <goal>build</goal>
              <goal>generate-code</goal>
              <goal>generate-code-tests</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>${compiler-plugin.version}</version>
        <configuration>
          <parameters>${maven.compiler.parameters}</parameters>
        </configuration>
      </plugin>
      <plugin>
        <artifactId>maven-surefire-plugin</artifactId>
        <version>${surefire-plugin.version}</version>
        <configuration>
          <systemPropertyVariables>
            <java.util.logging.manager>org.jboss.logmanager.LogManager</java.util.logging.manager>
            <maven.home>${maven.home}</maven.home>
          </systemPropertyVariables>
        </configuration>
      </plugin>
    </plugins>
  </build>
  <profiles>
    <profile>
      <id>native</id>
      <activation>
        <property>
          <name>native</name>
        </property>
      </activation>
      <build>
        <plugins>
          <plugin>
            <artifactId>maven-failsafe-plugin</artifactId>
            <version>${surefire-plugin.version}</version>
            <executions>
              <execution>
                <goals>
                  <goal>integration-test</goal>
                  <goal>verify</goal>
                </goals>
                <configuration>
                  <systemPropertyVariables>
                    <native.image.path>${project.build.directory}/${project.build.finalName}-runner</native.image.path>
                    <java.util.logging.manager>org.jboss.logmanager.LogManager</java.util.logging.manager>
                    <maven.home>${maven.home}</maven.home>
                  </systemPropertyVariables>
                </configuration>
              </execution>
            </executions>
          </plugin>
        </plugins>
      </build>
      <properties>
        <quarkus.package.type>native</quarkus.package.type>
      </properties>
    </profile>
  </profiles>
</project>

@sberyozkin
Copy link
Member

@cogniocode good it has been resolved - this is a bug that this exception is being triggered - well, we expect it to fail as both extensions provide the same authentication mechanism support for the bearer type - so it should fail at startup but with a different exception. Let me look into it it (note I'll be on PTO from tomorrow). In any case the good news it works as expected with the correct dependency.
I'll also rename the issue title
thanks

@sberyozkin sberyozkin changed the title Quarkus can't verify Auth0 token Quarkus fails to report a correct exception when conflicting authentication mechanims are used (was Quarkus: can't verify Auth0 token) Jul 28, 2021
@cogniocode
Copy link
Author

Alright, thanks for your help.

@quarkus-bot
Copy link

quarkus-bot bot commented Jul 28, 2021

/cc @pedroigor

@sberyozkin sberyozkin changed the title Quarkus fails to report a correct exception when conflicting authentication mechanims are used (was Quarkus: can't verify Auth0 token) Quarkus fails to report a correct exception when conflicting authentication mechanisms are used (was Quarkus: can't verify Auth0 token) Jul 28, 2021
@sberyozkin
Copy link
Member

When I add quarkus-smallrye-jwt to integration-tests/oidc which already has the quarkus-oidc dependency then I see:

2021-07-28 14:17:10,189 ERROR [io.ver.ext.web.RoutingContext] (vert.x-eventloop-thread-1) Unhandled exception in router: java.lang.RuntimeException: Multiple mechanisms present that use the same credential transport HttpCredentialTransport{transportType=AUTHORIZATION, typeTarget='bearer', authenticationScheme='Bearer'}. Mechanisms are io.quarkus.smallrye.jwt.runtime.auth.JWTAuthMechanism@2ad126bc and io.quarkus.oidc.runtime.OidcAuthenticationMechanism@6120bcef

which is expected. It is the main branch. However, adding both dependencies to quarkus-quickstart/security-openid-connect-quickstart makes no difference, sending a bogus token returns 401 as expected, no exception as shown in the description is thrown so something is inconsistent here

@sberyozkin sberyozkin mentioned this issue Jul 29, 2021
Merged
@quarkus-bot quarkus-bot bot added this to the 2.2 - main milestone Jul 30, 2021
@gsmet gsmet modified the milestones: 2.2 - main, 2.1.1.Final Aug 3, 2021
@jamals86
Copy link

jamals86 commented Jul 9, 2023
edited
Loading

Hi,

On Quarkus 3.2.0-Final and i have followed this solution here: https://quarkus.io/guides/security-jwt#add-smallrye-jwt
I m facing the same issue with this exception:
2023-07-09 20:41:05,884 ERROR [io.sma.graphql] (vert.x-eventloop-thread-4) SRGQL012000: Data Fetching Error: io.smallrye.jwt.auth.principal.ParseException: SRJWT07000: Failed to verify a token at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parseClaims(DefaultJWTTokenParser.java:181) at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parse(DefaultJWTTokenParser.java:59) at io.smallrye.jwt.auth.principal.DefaultJWTCallerPrincipalFactory.parse(DefaultJWTCallerPrincipalFactory.java:31) at io.smallrye.jwt.auth.principal.DefaultJWTParser.parse(DefaultJWTParser.java:71) at io.smallrye.jwt.auth.principal.DefaultJWTParser_ClientProxy.parse(Unknown Source) at com.services.usersprocessor.endpoints.graphql.resolvers.SyncResolver.actionSync(SyncResolver.java:62) at com.services.usersprocessor.endpoints.graphql.resolvers.SyncResolver_ClientProxy.actionSync(Unknown Source) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at io.smallrye.graphql.execution.datafetcher.helper.ReflectionInvoker.invoke(ReflectionInvoker.java:97) at io.smallrye.graphql.execution.datafetcher.MultiDataFetcher.handleUserMethodCall(MultiDataFetcher.java:29) at io.smallrye.graphql.execution.datafetcher.AbstractStreamingDataFetcher.invokeAndTransform(AbstractStreamingDataFetcher.java:41) at io.smallrye.graphql.execution.datafetcher.AbstractDataFetcher.get(AbstractDataFetcher.java:66) at graphql.execution.instrumentation.dataloader.DataLoaderDispatcherInstrumentation.lambda$instrumentDataFetcher$0(DataLoaderDispatcherInstrumentation.java:90) at graphql.execution.ExecutionStrategy.invokeDataFetcher(ExecutionStrategy.java:309) at graphql.execution.ExecutionStrategy.fetchField(ExecutionStrategy.java:286) at graphql.execution.SubscriptionExecutionStrategy.createSourceEventStream(SubscriptionExecutionStrategy.java:96) at graphql.execution.SubscriptionExecutionStrategy.execute(SubscriptionExecutionStrategy.java:58) at graphql.execution.Execution.executeOperation(Execution.java:161) at graphql.execution.Execution.execute(Execution.java:104) at graphql.GraphQL.execute(GraphQL.java:557) at graphql.GraphQL.lambda$parseValidateAndExecute$11(GraphQL.java:476) at java.base/java.util.concurrent.CompletableFuture.uniComposeStage(CompletableFuture.java:1187) at java.base/java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:2309) at graphql.GraphQL.parseValidateAndExecute(GraphQL.java:471) at graphql.GraphQL.executeAsync(GraphQL.java:439) at io.smallrye.graphql.execution.ExecutionService.lambda$writeAsync$0(ExecutionService.java:214) at io.smallrye.context.impl.wrappers.SlowContextualSupplier.get(SlowContextualSupplier.java:21) at io.smallrye.mutiny.operators.uni.builders.UniCreateFromCompletionStage.subscribe(UniCreateFromCompletionStage.java:24) at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36) at io.smallrye.mutiny.groups.UniSubscribe.withSubscriber(UniSubscribe.java:51) at io.smallrye.mutiny.groups.UniSubscribe.with(UniSubscribe.java:110) at io.smallrye.mutiny.groups.UniSubscribe.with(UniSubscribe.java:88) at io.smallrye.graphql.execution.ExecutionService.writeAsync(ExecutionService.java:216) at io.smallrye.graphql.execution.ExecutionService.execute(ExecutionService.java:183) at io.smallrye.graphql.execution.ExecutionService.executeAsync(ExecutionService.java:119) at io.smallrye.graphql.websocket.AbstractGraphQLWebsocketHandler.onOperationRequest(AbstractGraphQLWebsocketHandler.java:102) at io.smallrye.graphql.websocket.graphqlws.GraphQLWSSubprotocolHandler.onMessage(GraphQLWSSubprotocolHandler.java:46) at io.smallrye.graphql.websocket.AbstractGraphQLWebsocketHandler.onMessage(AbstractGraphQLWebsocketHandler.java:63) at io.vertx.core.http.impl.WebSocketImplBase$FrameAggregator.handleTextFrame(WebSocketImplBase.java:630) at io.vertx.core.http.impl.WebSocketImplBase$FrameAggregator.handle(WebSocketImplBase.java:596) at io.vertx.core.http.impl.WebSocketImplBase$FrameAggregator.handle(WebSocketImplBase.java:585) at io.vertx.core.impl.ContextInternal.dispatch(ContextInternal.java:264) at io.vertx.core.http.impl.WebSocketImplBase.receiveFrame(WebSocketImplBase.java:533) at io.vertx.core.streams.impl.InboundBuffer.handleEvent(InboundBuffer.java:255) at io.vertx.core.streams.impl.InboundBuffer.write(InboundBuffer.java:134) at io.vertx.core.http.impl.WebSocketImplBase.handleFrame(WebSocketImplBase.java:475) at io.vertx.core.impl.EventLoopContext.execute(EventLoopContext.java:76) at io.vertx.core.impl.DuplicatedContext.execute(DuplicatedContext.java:153) at io.vertx.core.http.impl.Http1xConnectionBase.handleWsFrame(Http1xConnectionBase.java:64) at io.vertx.core.http.impl.Http1xServerConnection.handleOther(Http1xServerConnection.java:184) at io.vertx.core.http.impl.Http1xServerConnection.handleMessage(Http1xServerConnection.java:169) at io.vertx.core.net.impl.ConnectionBase.read(ConnectionBase.java:158) at io.vertx.core.net.impl.VertxHandler.channelRead(VertxHandler.java:153) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:318) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:833) Caused by: org.jose4j.lang.UnresolvableKeyException: SRJWT07003: Failed to load a key from null at io.smallrye.jwt.auth.principal.AbstractKeyLocationResolver.reportLoadKeyException(AbstractKeyLocationResolver.java:217) at io.smallrye.jwt.auth.principal.KeyLocationResolver.<init>(KeyLocationResolver.java:47) at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.getVerificationKeyResolver(DefaultJWTTokenParser.java:262) at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parseClaims(DefaultJWTTokenParser.java:110) ... 80 more Caused by: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because "resourceLocation" is null at io.smallrye.jwt.util.ResourceUtils.getResourceStream(ResourceUtils.java:69) at io.smallrye.jwt.util.ResourceUtils.readResource(ResourceUtils.java:45) at io.smallrye.jwt.auth.principal.AbstractKeyLocationResolver.readKeyContent(AbstractKeyLocationResolver.java:168) at io.smallrye.jwt.auth.principal.KeyLocationResolver.initializeKeyContent(KeyLocationResolver.java:95) at io.smallrye.jwt.auth.principal.KeyLocationResolver.<init>(KeyLocationResolver.java:45) ... 82 more
I m trying to parse the token from GraphQL Subscription resolver

@jamals86
Copy link

jamals86 commented Jul 9, 2023

I fixed this last issue by adding:
smallrye.jwt.verify.key.location=${users-processor.keycloak.url}/realms/${users-processor.keycloak.realm}/protocol/openid-connect/certs
Its working now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/oidc area/security kind/bug Something isn't working
Projects
None yet
Milestone
2.1.1.Final
Development

Successfully merging a pull request may close this issue.

Update HttpCredentialTransport to keep a lower case authentication scheme sberyozkin/quarkus
4 participants
@sberyozkin @gsmet @cogniocode @jamals86