Couldn't retrieve remote JWK set: connect timed out

Issue #221 invalid
Anonymous created an issue

Hi Team,

I am getting the following exception when I try to validate my token.

validator.validate(token, nonce); //Exception this line

com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: connect timed out.

I am using WebLogic server

Comments (6)

  1. Vladimir Dzhuvinov

    Looking at the error message, the remote JWK set URL could be invalid, or there might be some other HTTP or networking issue when trying to download the OpenID provider keys in order to validate the ID token.

    There could also be an issue with the server TLS certificate not being trusted by the JVM.

  2. ayyabas05

    The following line is not setting properly. when i debug the code it is always showing connection time out and read time out as 0 .Can you please assist me how to resolve this issue.

    com.nimbusds.jose.util.DefaultResourceRetriever

    94 . con.setConnectTimeout(getConnectTimeout());
    95 . con.setReadTimeout(getReadTimeout());
    
  3. sumankpattnaik

    I used jwks url to get the public key following way and then verify with jwt token. Hope this helps!! ////////////////////////////

    public PublicKey getPublicKeyFromJWKSet(URL jwksURL, String keyId) throws Exception{ PublicKey publicKey = null; JSONObject jwkSet = JWKSet.load(jwksURL).toJSONObject() JSONArray keyset = (JSONArray) jwkSet.get("keys"); JSONObject jwKey = null; for(Object obj : keyset){ jwKey = (JSONObject)obj; if(jwKey.get("kid").equals(keyId)){ break; }//EndIf jwKey = null; }//EndFor

        if(jwKey !=null){
            org.apache.commons.codec.binary.Base64 base64Decoder = new org.apache.commons.codec.binary.Base64(true);
    
            BigInteger modulus = new BigInteger(1, base64Decoder.decode((String)jwKey.get("n")));
            BigInteger exponent = new BigInteger(1, base64Decoder.decode((String)jwKey.get("e")));
            publicKey = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, exponent));
        }//EndIf
        return publicKey;
    

    }//EndMethod

    public boolean verifyJWTByJWKS(String jwtToken, String jwksURL) throws Exception {

    SignedJWT signedJWT =  SignedJWT.parse(jwtToken);
    if(signedJWT!=null) {
        WSVerifier verifier = new RSASSAVerifier(
                    (RSAPublicKey) getPublicKeyFromJWKSet(new URL(jwkUri),signedJWT.getHeader().getKeyID()));
      if(verifier!=null && signedJWT.verify(verifier)) 
           return true;
    
    }
    

    return false }

  4. Log in to comment