
This request object uses unsupported signing algorithm "EdDSA" #1191

@taisph

Preflight checklist

Ory Network Project

No response

Describe the bug

Attempting to use the JWT authenticator results in a "This request object uses unsupported signing algorithm "EdDSA"." error, yet the oathkeeper credentials generator has no issues generating using the EdDSA algorithm, e.g. oathkeeper credentials generate --alg EdDSA

Reproducing the bug

  1. Set up a JWT authenticator in config and add a rule using the jwt handler.
    authenticators:
      jwt:
        enabled: true
        config:
          jwks_urls:
            - http://localhost:4456/.well-known/jwks.json
          allowed_algorithms:
            - EdDSA
  2. Use a JWT signed with the EdDSA algorithm as a bearer token with the /decisions endpoint.

Relevant log output

id=
rid=
error=The request was malformed or contained invalid parameters
reason=This request object uses unsupported signing algorithm "EdDSA".
details=map[]
debug=

github.com/ory/oathkeeper/credentials.(*VerifierDefault).Verify.func1
    /project/credentials/verifier_default.go:81
github.com/golang-jwt/jwt/v4.(*Parser).ParseWithClaims
    /go/pkg/mod/github.com/golang-jwt/jwt/[email protected]/parser.go:80
github.com/golang-jwt/jwt/v4.ParseWithClaims
    /go/pkg/mod/github.com/golang-jwt/jwt/[email protected]/token.go:108
github.com/ory/oathkeeper/credentials.(*VerifierDefault).Verify
    /project/credentials/verifier_default.go:42
github.com/ory/oathkeeper/pipeline/authn.(*AuthenticatorJWT).Authenticate
    /project/pipeline/authn/authenticator_jwt.go:107
github.com/ory/oathkeeper/proxy.(*requestHandler).HandleRequest
    /project/proxy/request_handler.go:205
github.com/ory/oathkeeper/api.(*DecisionHandler).decisions
    /project/api/decision.go:96
github.com/ory/oathkeeper/api.(*DecisionHandler).ServeHTTP
    /project/api/decision.go:50
github.com/urfave/negroni.middleware.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38
github.com/ory/oathkeeper/cmd/server.runAPI.func1.ContextualizedMiddleware.func3
    /go/pkg/mod/github.com/ory/[email protected]/corsx/middleware.go:28
github.com/urfave/negroni.HandlerFunc.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29
github.com/urfave/negroni.middleware.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38
github.com/ory/x/reqlog.(*Middleware).ServeHTTP
    /go/pkg/mod/github.com/ory/[email protected]/reqlog/middleware.go:142
github.com/urfave/negroni.middleware.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38
github.com/ory/oathkeeper/metrics.(*Middleware).ServeHTTP
    /project/metrics/middleware.go:103
github.com/urfave/negroni.middleware.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38
github.com/ory/x/metricsx.(*Service).ServeHTTP
    /go/pkg/mod/github.com/ory/[email protected]/metricsx/middleware.go:272
github.com/urfave/negroni.middleware.ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38
github.com/urfave/negroni.(*Negroni).ServeHTTP
    /go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp.(*middleware).serveHTTP
    /go/pkg/mod/go.opentelemetry.io/contrib/instrumentation/net/http/[email protected]/handler.go:217
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp.NewMiddleware.func1.1
    /go/pkg/mod/go.opentelemetry.io/contrib/instrumentation/net/http/[email protected]/handler.go:81
net/http.HandlerFunc.ServeHTTP
    /usr/local/go/src/net/http/server.go:2136
net/http.serverHandler.ServeHTTP
    /usr/local/go/src/net/http/server.go:2938
net/http.(*conn).serve
    /usr/local/go/src/net/http/server.go:2009
runtime.goexit
    /usr/local/go/src/runtime/asm_amd64.s:1650

Relevant configuration

No response

Version

0.40.7

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes

Additional Context

Might be related to #691.
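
To rule out the token itself when reproducing step 2, an EdDSA JWT can be signed and checked against an algorithm allow-list using only the Go standard library. This is an added example, not part of the original issue and not Oathkeeper's code; DemoKey, SignEdDSA and VerifyEdDSA are hypothetical helpers, the key is constructed, and the allowed map only stands in for the allowed_algorithms setting.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWS segments are unpadded base64url
// DemoKey derives a constructed, non-secret key pair from a one-byte seed pattern.
func DemoKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(append(make([]byte, ed25519.SeedSize-1), b))
	return priv.Public().(ed25519.PublicKey), priv
}

// SignEdDSA builds a compact JWS whose header declares alg "EdDSA" (RFC 8037).
func SignEdDSA(priv ed25519.PrivateKey, claims map[string]any) string {
	c, _ := json.Marshal(claims) // demo claims are plain strings, so Marshal cannot fail
	input := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(c)
	return input + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(input)))
}

// VerifyEdDSA enforces the allow-list on the header alg, then checks the signature.
func VerifyEdDSA(token string, pub ed25519.PublicKey, allowed map[string]bool) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("not a compact JWS")
	}
	var hdr struct{ Alg string `json:"alg"` }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil {
		return fmt.Errorf("malformed header")
	}
	if hdr.Alg != "EdDSA" || !allowed[hdr.Alg] { // this sketch handles EdDSA only
		return fmt.Errorf("algorithm %q rejected", hdr.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return fmt.Errorf("signature invalid")
	}
	return nil
}

func main() {
	pub, priv := DemoKey(1)
	fmt.Println(VerifyEdDSA(SignEdDSA(priv, map[string]any{"sub": "demo"}), pub, map[string]bool{"EdDSA": true}))
}
```

A token that passes this check but is still rejected by the /decisions endpoint points at the verifier's algorithm support rather than at the token or key.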
