Error when using Custom JWT Authentication

Chris_Lawrence · September 28, 2022, 2:01pm

I have configured my app in app services to use custom JWT authentication. I have provided the JWK uri (https://test.stytch.com/v1/sessions/jwks/project-test-39e8d76b-25c1-4426-b6cb-515aca0b30e0) but I am receiving the following error when I try to login from my node app:

Error:

failed to fetch JWK from URI: failed to extract from map: failed to construct key from map: failed to extract key from map: failed to extract header values: failed to set value for key x5c: invalid value for x5c key: failed to parse certificate: x509: malformed serial number

Any advice?

Desislava_St_Stefanova · September 28, 2022, 2:22pm

Hi @Chris_Lawrence,
Could you provide some more details:

Which SDK do you use?
How do you generate your custom JWT token?
Are you sure that you have set the same “kid”:“jwk-test-6009ec4b-3e5b-44f4-89ca-5f3cce226379” as a header to your issued JWT?
I seems that the JWT that you provide doesn’t match the JWK set.

Chris_Lawrence · September 28, 2022, 2:30pm

Thanks for the quick reply @Desislava_St_Stefanova

Here is more info:

Which SDK do you use?

I’m using the Node sdk

How do you generate your custom JWT token?

The JWT is coming directly from our authentication provider–Stytch. The JWK URI I’m using and posted a link to in the OP is an endpoint to obtain their JWK that is used to validate the token.

Are you sure that you have set the same “kid”:“jwk-test-6009ec4b-3e5b-44f4-89ca-5f3cce226379” as a header to your issued JWT?

I put the JWT in jwt.io and receive the following head information:

Chris_Lawrence · September 28, 2022, 2:34pm

Here is a snippet of my code I’m using to auth in case this is any help

    const app = new Realm.App({ id: process.env.REALM_APP_ID! })
    const creds = Realm.Credentials.jwt("JWT_FROM_AUTH_PROVIDER")
    app
      ?.logIn(credentials)
      .then((user) => {
        // Handle authenticated user...
      })
      .catch((err) => {
        logger.error('Error during realm app authentication', err)
      })

Desislava_St_Stefanova · September 29, 2022, 7:29am

Hi @Chris_Lawrence,
I have forwarded your question to the App Services team, but there seems to be some issue with the serial number of the certificate that is used to sign the JWT.
The only thing I can suggest is that you can check whether you get the same error if you use public key verification. You can convert your JWK to public key using some of the available “JWK to PEM converter”, then you can configure the Atlas App Service using the “Manually specify signing keys” option.
Looking forward your response.

Chris_Lawrence · September 29, 2022, 12:46pm

Hey @Desislava_St_Stefanova

I have some good news! I brought this same issue up with Stytch and they were able to reproduce it within Mongo. They believe it is an error with the way they are formatting their JWK. They should have a fix out soon.

I was able to convert the JWK into PEM format and submit that to my app as a work around. Authentication is now working.

I appreciated the help with this issue.

Desislava_St_Stefanova · September 29, 2022, 1:01pm

I’m glad to hear that.
It’s nice that the workaround works.
Good luck with your project, @Chris_Lawrence!

system · October 4, 2022, 1:01pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.