
Comments (14)

lbalmaceda avatar lbalmaceda commented on August 20, 2024 1

@jwtLearner You can either use the URL or the String variant of the UrlJwkProvider constructor (or any other Url Provider). If you use the first one, you'll have to input the full URL. But with the second one you just input the domain. Typically, the jwks file is stored in the /.well-known/jwks.json path. (again, by using the URL constructor you can change that).

Similar to what @ryber said, to use it with Auth0 you'd pass your account's domain. Say I have an account called "mytenant", then the domain would be "mytenant.auth0.com" or "https://mytenant.auth0.com"; either will do. By appending the well-known path we form the https://mytenant.auth0.com/.well-known/jwks.json URL. That's the file that is downloaded/cached and checked when your provider looks for a given "kid".
Cheers.

from jwks-rsa-java.
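The domain-versus-URL distinction described above, as an added example that is not part of the original thread or of jwks-rsa-java: a wrapper that accepts either a bare domain or a full JWKS location and always hands the library an explicit `URL`. The class `JwksProviders`, the helper names, the https-only policy and the `idp.example.com` input are assumptions made for illustration; only `UrlJwkProvider(URL)` and `JwkProvider` come from the library.

```java
import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.UrlJwkProvider;
import java.net.MalformedURLException;
import java.net.URL;

public class JwksProviders {
    static final String WELL_KNOWN_JWKS = "/.well-known/jwks.json";

    /** Hypothetical helper: turn a bare domain or a full JWKS URL into one explicit URL. */
    static URL resolveJwksUrl(String input) throws MalformedURLException {
        String s = input.trim();
        if (!s.startsWith("http://") && !s.startsWith("https://")) {
            s = "https://" + s; // bare domain: assume HTTPS
        }
        URL url = new URL(s);
        // Added policy (assumption): keys fetched over plaintext can be swapped in transit.
        if (!"https".equals(url.getProtocol())) {
            throw new MalformedURLException("JWKS must be fetched over https: " + input);
        }
        String path = url.getPath();
        if (path.isEmpty() || path.equals("/")) {
            // Domain only: append the conventional path, as described in the thread.
            return new URL(url.getProtocol(), url.getHost(), url.getPort(), WELL_KNOWN_JWKS);
        }
        return url; // caller supplied a full JWKS location: keep it untouched
    }

    static JwkProvider providerFor(String input) throws MalformedURLException {
        // Use the URL constructor so the fetched location is exactly the resolved one.
        return new UrlJwkProvider(resolveJwksUrl(input));
    }

    public static void main(String[] args) throws Exception {
        String[] samples = { // constructed sample inputs
            "mytenant.auth0.com",
            "https://mytenant.auth0.com",
            "https://mytenant.auth0.com/.well-known/jwks.json",
            "https://idp.example.com/oauth2/default/v1/keys", // non-default JWKS path
        };
        for (String s : samples) {
            System.out.println(s + " -> " + resolveJwksUrl(s));
        }
        try {
            resolveJwksUrl("http://mytenant.auth0.com");
        } catch (MalformedURLException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        JwkProvider provider = providerFor(samples[0]); // no network call happens here
    }
}
```

Logging the resolved URL at startup makes a mis-built JWKS location visible before the first `provider.get(kid)` call fails.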

OscarFB avatar OscarFB commented on August 20, 2024 1

@lbalmaceda Thanks, my problem is solved!!
//**********************************************************************
String jwks = "URL_HERE"; // put the full JWKS URL here
URL url = new URL(jwks);
JwkProvider provider = new UrlJwkProvider(url);
//*************************************************************************


ryber avatar ryber commented on August 20, 2024

The method that takes a string is just used to find the domain and then builds a well known URI based on that. The resulting URI may or may not be valid. For example if you are using authorization servers in Okta your jwk_uri will actually be something like

https://yourdomain.okta.com/oauth2/{auth-server-id}/v1/keys;

If you know (or can get) the exact proper URI, you should use the constructor that takes a URI object.

BTW, I agree that the string constructor being "helpful" is weird. I would have expected it just takes the full URI


cesartl avatar cesartl commented on August 20, 2024

I have a similar problem, though it used to work fine. The JwkProvider creates the right url (I can navigate to it without issue).

The issue seems to be with the SSL handshake:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any reason why my JDK wouldn't be able to find a valid certificate for *.eu.auth0.com?


lbalmaceda avatar lbalmaceda commented on August 20, 2024

@cesartl Sounds weird, but definitely not a problem on the SDK itself. You mentioned you could access the URL just fine, so it might have been a temporary issue with the backend. If the issue persists, please don't hesitate to drop a message at https://support.auth0.com/


pepper28 avatar pepper28 commented on August 20, 2024

I'm experiencing the same issue. Does anyone know if this has been resolved or what one needs to do to correct it in the method?


niklasravnsborg avatar niklasravnsborg commented on August 20, 2024

I also have the same issue!


niklasravnsborg avatar niklasravnsborg commented on August 20, 2024

Quick fix: In my case the solution was to reinstall openjdk. I installed the newest version with brew on mac: brew cask install adoptopenjdk13.


BoTime avatar BoTime commented on August 20, 2024

Have the same issue when using custom domain


lbalmaceda avatar lbalmaceda commented on August 20, 2024

@BoTime For this library, the concept of "custom domain" is not important. The provider class you instantiate must be given a valid URL to where the JWKS file is hosted.


ryber avatar ryber commented on August 20, 2024

I think it would be helpful for folks if the String constructor checked if the string was already configured with a .well-known and, if it was, just said "cool" and took it. I've had to explain this a few times internally at the company I work at and it seems to be a regular issue here.


lbalmaceda avatar lbalmaceda commented on August 20, 2024

@ryber we had this discussion with the team in the past and we agreed that the Javadoc of the class is self-explanatory.

The URL provider has 2 constructors. One that accepts a "URL" instance (for you to create as you wish) and another that accepts a "Domain" string. So Domain != "full URL"

https://github.com/auth0/jwks-rsa-java/blob/master/src/main/java/com/auth0/jwk/UrlJwkProvider.java#L64-L69


jinyanghuang avatar jinyanghuang commented on August 20, 2024

I am using URL and defined the provider. I am getting this error when calling provider.get(jwt.getKeyId()): Cannot obtain jwks from url https://localhost:31300/.well-known/openid-configuration/jwks. But I can access it through Postman and get the correct response.


lbalmaceda avatar lbalmaceda commented on August 20, 2024

@jinyanghuang I imagine the "https" in the URL could be causing the certificate to be validated. Postman has a setting to disable the SSL verification; this library doesn't.

from jwks-rsa-java.
