Overview
Generate and validate JSON web tokens for use in integrating and authenticating with external systems, using a JWKS registry to get public keys for token signature validation
Key Features & Functionality
@paolob005 , are you able to resolve this error.
Hello
I have a JWKS repository with a mutual authentification (mTLS)I imported a client certificat in "Client Certificates" of the admin console (docs.appian.com/.../Appian_Administration_Console.htmlIt is now OK from a stantard appian integration object, I can get the list of certificats
But with the JWT plugin, I have this error :
Caused by: com.auth0.jwk.NetworkException: Cannot obtain jwks from url https://XXXXX/oauth2/v1/keys at com.auth0.jwk.UrlJwkProvider.getJwks(UrlJwkProvider.java:139) at com.auth0.jwk.UrlJwkProvider.getAll(UrlJwkProvider.java:145) at com.auth0.jwk.UrlJwkProvider.get(UrlJwkProvider.java:163) at com.appiancorp.cs.plugins.jwtTools.jwt.InvalidableCache$2.call(InvalidableCache.java:43) at com.appiancorp.cs.plugins.jwtTools.jwt.InvalidableCache$2.call(InvalidableCache.java:38) at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4876) at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3528) at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2277) ... 262 moreCaused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
It looks like mTLS is not managed by the plugin (handshake_failure)Can you confirm this and is it possible to upgrade the plugin?
I am trying to decode a token and I am receiving a null response. I am using the function decodeJWT() and in the parameter "jwksURL" I am using the same domain ( "">example.com/.../jwks.json" ) as when creating the token with the function "createtokenwithcustomclaims()".
I created the private key with format PKCS#1 and I put the token on jwt.io and nothing is wrong with it.
Any suggestions on what could be wrong?
Am creating the token and using it in integration object as mentioned in the snapshot, getting {"errorCode":"AUTHORIZATION_INVALID_TOKEN","message":"The access token provided is expired, revoked or malformed."}.
Please suggest how to fix the issue.
Hi Paolo,
The problem seems to be the format of the private key. The plugin expects the private key in PKCS#1RSAPrivateKey (PEM header: BEGIN RSA PRIVATE KEY) format and you are setting it in PKCS#8PrivateKeyInfo (PEM header: BEGIN PRIVATE KEY)Please double check but I think you might be able to convert from PKCS#8 to PKCS#1: openssl rsa -in private_pkcs8.pem -out private_pkcs1.pem
Thanks, Leandro.