Couldn't retrieve remote JWK set: connect timed out
Hi Team,
I am getting the following exception when I try to validate my token.
validator.validate(token, nonce); //Exception this line
com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: connect timed out.
I am using WebLogic server
Comments (8)
-
-
Thank you for the reply. The JWT set URL is valid. Do I need to add any additional configuration in the WebLogic server?
-
The following lines are not being set properly. When I debug the code, it always shows the connection timeout and read timeout as 0. Can you please assist me in resolving this issue?
com.nimbusds.jose.util.DefaultResourceRetriever
con.setConnectTimeout(getConnectTimeout());
con.setReadTimeout(getReadTimeout());
-
Zero values mean that the timeout is left to the underlying networking layer / OS.
Could you paste the entire stack trace? (not just the top line)
-
- changed status to invalid
Marking as invalid - error reportedly a HTTP timeout
-
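I used the JWKS URL to get the public key in the following way and then verify with the JWT token. Hope this helps!!
////////////////////////////
// Imports added; the net.minidev.json types are what JWKSet.toJSONObject() returns in older library releases
import java.math.BigInteger;
import java.net.URL;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jwt.SignedJWT;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;

public PublicKey getPublicKeyFromJWKSet(URL jwksURL, String keyId) throws Exception {
    PublicKey publicKey = null;
    // Download the JWK set and look for the key whose "kid" matches the token header
    JSONObject jwkSet = JWKSet.load(jwksURL).toJSONObject();
    JSONArray keyset = (JSONArray) jwkSet.get("keys");
    JSONObject jwKey = null;
    for (Object obj : keyset) {
        jwKey = (JSONObject) obj;
        // keyId first, so a key without a "kid" member does not cause a NullPointerException
        if (keyId != null && keyId.equals(jwKey.get("kid"))) {
            break;
        }//EndIf
        jwKey = null;
    }//EndFor
    if (jwKey != null) {
        // "n" and "e" are base64url-encoded unsigned big-endian integers
        org.apache.commons.codec.binary.Base64 base64Decoder = new org.apache.commons.codec.binary.Base64(true);
        BigInteger modulus = new BigInteger(1, base64Decoder.decode((String) jwKey.get("n")));
        BigInteger exponent = new BigInteger(1, base64Decoder.decode((String) jwKey.get("e")));
        publicKey = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, exponent));
    }//EndIf
    return publicKey;
}//EndMethod

public boolean verifyJWTByJWKS(String jwtToken, String jwksURL) throws Exception {
    SignedJWT signedJWT = SignedJWT.parse(jwtToken);
    if (signedJWT != null) {
        JWSVerifier verifier = new RSASSAVerifier(
            (RSAPublicKey) getPublicKeyFromJWKSet(new URL(jwksURL), signedJWT.getHeader().getKeyID()));
        if (verifier != null && signedJWT.verify(verifier)) return true;
    }
    return false;
}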
-
Is there a way to increase the timeout?
I see that RemoteJWKSet has a read timeout of 500ms. Is there a way to change it when using oauth-2.0-sdk?
-
Always check out the class JavaDocs, they have all the info:
Looking at the error message, the remote JWK set URL could be invalid, or there might be some other HTTP or networking issue when trying to download the OpenID provider keys in order to validate the ID token.
There could also be an issue with the server TLS certificate not being trusted by the JVM.
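Added example, not part of the thread and not code from the Nimbus project: it sets explicit connect and read timeouts on the JWK set retriever and, when the fetch still fails, walks the exception's cause chain to separate the failure modes mentioned above (timeout, bad host name, untrusted TLS certificate). The class name `JwksTimeoutCheck`, the RS256 algorithm, the 5-second timeouts and the 50 KB size limit are assumptions, and it assumes a library release that still ships `RemoteJWKSet`.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.RemoteKeySourceException;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;

import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.UnknownHostException;
import javax.net.ssl.SSLException;

public class JwksTimeoutCheck {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        URL jwksUrl = new URL(args[0]);   // JWK set URL of your provider
        String token = args[1];           // compact-serialised signed JWT

        // Explicit timeouts (ms) and a response size cap (bytes); assumed values, tune them.
        DefaultResourceRetriever retriever = new DefaultResourceRetriever(5000, 5000, 50 * 1024);
        JWKSource<SecurityContext> keys = new RemoteJWKSet<>(jwksUrl, retriever);

        DefaultJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
        // Pin the expected algorithm (RS256 assumed); the key is picked from the fetched set.
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, keys));

        try {
            JWTClaimsSet claims = processor.process(token, null);
            System.out.println("Token verified, subject=" + claims.getSubject());
        } catch (RemoteKeySourceException e) {
            System.err.println("JWK set fetch failed: " + describe(e));
        }
    }

    // Walk the cause chain to tell the failure modes named in the thread apart.
    static String describe(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof SocketTimeoutException)
                return "timeout (firewall, proxy or slow endpoint): " + c.getMessage();
            if (c instanceof UnknownHostException)
                return "host name does not resolve: " + c.getMessage();
            if (c instanceof SSLException)
                return "TLS failure, e.g. certificate not trusted by the JVM: " + c.getMessage();
        }
        return "other I/O error: " + t.getMessage();
    }
}
```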