
crash after obtaining access token from nov/openid_connect_sample #2

Open
caboteria opened this issue Nov 10, 2012 · 2 comments

Comments

@caboteria

I'm playing with the gateway and pointed it at nov/openid_connect_sample. The authorization request seems to work, and then the gateway POSTS to the OP for the access token. The OP responds and the gateway crashes on the response.

    NoMethodError at /auth/openid_connect/callback
    undefined method `verify' for #<String:0xa427de0>
    Ruby /home/tobyc/.rvm/gems/ruby-1.9.2-p180/gems/json-jwt-0.3.3/lib/json/jws.rb: in valid?, line 76

    def valid?(signature_base_string, public_key_or_secret)
      case
      when hmac?
        secret = public_key_or_secret
        sign(signature_base_string, secret) == signature
      when rsa?
        public_key = public_key_or_secret
        public_key.verify digest, signature, signature_base_string   # line 76: crashes when public_key is a String
      when ecdsa?
        public_key = public_key_or_secret
        verify_ecdsa_group! public_key
        public_key.dsa_verify_asn1 digest.digest(signature_base_string), signature
      else
        raise InvalidFormat.new('Unknown Signature Algorithm')
      end
    end

The contents of the response to the access token request are:

    {"access_token":"73e9279688f31eebaf824ca2e8b6cc3dbc814d7a79dd785a68ed5f4eef8a0543","token_type":"bearer","expires_in":86399,"id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dSI6Imh0dHA6Ly9vcC5kZXYvY2VydC5wZW0iLCJqa3UiOiJodHRwOi8vb3AuZGV2L2p3ay5qc29uIn0.eyJpc3MiOiJodHRwOi8vb3AuZGV2IiwidXNlcl9pZCI6ImI0OGNjMzM1MTAzYjQzOWMiLCJhdWQiOiJjZTc1ZDZmMjdkZDk3ODFkNjA3ZDExYmUzNTA5ZGQ0YiIsImV4cCI6MTM1MjU4MzIwOSwiaWF0IjoxMzUyNTYxNjA5LCJub25jZSI6IjU5ODU1NWNmNmEwNjJkMjRiYzM2OTdhZGQ2NzEwNWIwIn0.DNS7Bo7YrZjdlI7BlQQ_siOjqlhq8K0ma5vg6gYfZqR1rJP79zqO7t00CC3xD-SlNY69n6nD_KZIpfg1dZ0O4LHC83GJB7PL7rA_lV1aocVdoC6ijqDIjwVkLkVyix-vzEK20-1ELRJGmnGa2scK_Yt36XNrGVAsfZpuCvswuEuSlLb256Xgg_DRE9DwxHaa1LCQBxDu1tTet_8v5zoKpteAfYvKiRrZE9_XbksLp9zWmG4-9ly7tcouQOjLHzrsyaOMHahO7eiCnv1B2aMcEsdPcuPXHm3HsA2tY-dVPlYGh25tmo0xM6JRyCj186TmXI5QrxVA8PRzmPOCq2FxwQ"}

@caboteria

The problem seems to be in `omniauth_openid_connect-b12d89d5744b/lib/omniauth/strategies/openid_connect.rb`.

    def check_id!(id_token)
      raise ::OpenIDConnect::Exception.new('No ID Token was given.') if id_token.blank?
      ::OpenIDConnect::ResponseObject::IdToken.decode(
        id_token, (get_idp_signing_key() || options[:client_secret])
      )
    end

`get_idp_signing_key` seems to return some sort of key object, but `options[:client_secret]` is a string, which causes the crash. It looks as if `get_idp_signing_key()` will return nil if the config file doesn't have either an `x509_url` or `jwk_url` parameter, which it doesn't by default.

@caboteria

It looks as if you can avoid this crash by adding an `additional_properties` property of either `x509_url` or `jwk_url`. `x509` takes precedence if you have both.

For nov/openid_connect_sample these URLs are `/cert.pem` and `/jwk.json`.
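The two comments above pin the crash down to key selection: `check_id!` picks key material by what the config happens to contain (`get_idp_signing_key() || options[:client_secret]`), while json-jwt picks the verification routine from the token's `alg` header, so an RS256 `id_token` verified with no `x509_url`/`jwk_url` configured hands a `String` to `public_key.verify`. The following is an added example, not code from omniauth_openid_connect or json-jwt: a minimal RS256/HS256 JWS verifier that reproduces the original selection logic (`naive_check`), then replaces it with a selector that checks the key type against `alg` before verifying and refuses to fall back from a configured asymmetric IdP key to the shared secret. The RSA key pair, client secret, claims and the `sign_jws` helper are constructed for the demonstration.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Constructed example, not the strategy's or json-jwt's own code. It mirrors the
# shape of the crash (key chosen by config presence, then used per token "alg")
# and contrasts it with a selector that validates key type against alg first.
class KeyMismatch < StandardError; end

def b64url_decode(str)
  Base64.urlsafe_decode64(str + '=' * ((4 - str.length % 4) % 4))
end

def b64url_encode(bytes)
  Base64.urlsafe_encode64(bytes).delete('=')
end

# Read the JOSE header; nothing in it is trusted until the signature checks out.
def jws_header(jwt)
  JSON.parse(b64url_decode(jwt.split('.', 3).first))
end

# Constant-time byte comparison for HMAC tags.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical signer so the example can mint tokens offline (RS256 or HS256).
def sign_jws(claims, alg, key)
  input = "#{b64url_encode(JSON.generate('typ' => 'JWT', 'alg' => alg))}.#{b64url_encode(JSON.generate(claims))}"
  sig = if alg == 'RS256'
          key.sign(OpenSSL::Digest.new('SHA256'), input)
        else
          OpenSSL::HMAC.digest('SHA256', key, input)
        end
  "#{input}.#{b64url_encode(sig)}"
end

# The original shape: idp_key || client_secret, then verify per header alg.
# With no IdP key configured the String reaches RSA verify and NoMethodError results.
def naive_check(jwt, idp_key, client_secret)
  key = idp_key || client_secret
  h, p, s = jwt.split('.', 3)
  input = "#{h}.#{p}"
  case jws_header(jwt)['alg']
  when 'RS256' then key.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(s), input) # String#verify does not exist
  when 'HS256' then secure_equal?(OpenSSL::HMAC.digest('SHA256', key, input), b64url_decode(s))
  end
end

# Hardened selection: the key type must match the alg family, and an asymmetric
# IdP key, once configured, is never silently replaced by the shared secret.
def select_key(alg, idp_key, client_secret)
  case alg
  when 'RS256'
    raise KeyMismatch, 'RS256 token but no IdP public key configured' unless idp_key.is_a?(OpenSSL::PKey::RSA)
    idp_key
  when 'HS256'
    raise KeyMismatch, 'HS256 token but an asymmetric IdP key is configured' if idp_key
    raise KeyMismatch, 'HS256 token needs a String client secret' unless client_secret.is_a?(String)
    client_secret
  else
    raise KeyMismatch, "unsupported alg #{alg.inspect}"
  end
end

def verify_jws(jwt, key)
  h, p, s = jwt.split('.', 3)
  input = "#{h}.#{p}"
  sig = b64url_decode(s)
  if key.is_a?(String)
    secure_equal?(OpenSSL::HMAC.digest('SHA256', key, input), sig)
  else
    key.verify(OpenSSL::Digest.new('SHA256'), sig, input)
  end
end

def hardened_check(jwt, idp_key, client_secret)
  verify_jws(jwt, select_key(jws_header(jwt)['alg'], idp_key, client_secret))
end

# Walk through the scenarios with a constructed key pair, secret and claims.
def demo
  rsa = OpenSSL::PKey::RSA.new(2048)
  pub = rsa.public_key
  secret = 'constructed-client-secret'
  claims = { 'iss' => 'http://op.dev', 'aud' => 'client-id', 'exp' => Time.now.to_i + 600 }
  rs_token = sign_jws(claims, 'RS256', rsa)
  out = {}
  out[:naive] = begin; naive_check(rs_token, nil, secret); nil; rescue NoMethodError => e; e.class.name; end
  out[:hardened] = begin; hardened_check(rs_token, nil, secret); nil; rescue KeyMismatch => e; e.class.name; end
  out[:valid] = hardened_check(rs_token, pub, secret)
  h, _p, s = rs_token.split('.', 3)
  tampered = [h, b64url_encode(JSON.generate(claims.merge('aud' => 'other-client'))), s].join('.')
  out[:tampered] = hardened_check(tampered, pub, secret)
  hs_token = sign_jws(claims, 'HS256', secret)
  out[:hs_with_idp_key] = begin; hardened_check(hs_token, pub, secret); nil; rescue KeyMismatch => e; e.class.name; end
  out
end
```

Run `demo` to see the five outcomes side by side: the naive path dies with `NoMethodError` exactly as in the report, the hardened path turns the same misconfiguration into a `KeyMismatch` that names the missing `x509_url`/`jwk_url` material, a correctly keyed RS256 token verifies, a tampered payload fails, and an HS256 token is refused outright once an IdP public key is configured, so a shared-secret path can never stand in for the public-key path the OP advertised.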
