K
Kinde7mo ago
Uglyer

JWKS not containing any signing keys

I'm using the jwks-rsa package in a Hono application and when it comes time to use getSigningKey I get the error "The JWKS endpoint did not contain any signing keys" My endpoint is my issuer url and then .well-known/jwks.json It gives me this same response in development and production
12 Replies
Uglyer
UglyerOP7mo ago
This is all through a custom webhook
Oli - Kinde
Oli - Kinde7mo ago
Hey @Uglyer, It sounds like the issue might be related to the JWKS endpoint not being correctly set up or not accessible from your application. Here are a few steps you can take to troubleshoot and resolve this issue: 1. Verify the JWKS URL: Ensure that the JWKS URL you are using (${process.env.KINDE_ISSUER_URL}/.well-known/jwks.json) is correct. You can check this by manually accessing the URL in a browser or using a tool like curl to see if it returns a JSON Web Key Set. 2. Check for Typographical Errors: Double-check that there are no typographical errors in your environment variable KINDE_ISSUER_URL and that it is being correctly loaded in your application. 3. Access Permissions: Ensure that the JWKS endpoint is publicly accessible and not restricted by IP or other access control settings that might prevent your application from accessing it. 4. Inspect the JWKS Response: If you can access the URL, inspect the response to ensure it contains the expected keys. A valid JWKS endpoint should return a JSON object with a keys array containing the public keys. 5. Caching Issues: If you recently made changes to the JWKS configuration on the server, there might be caching issues. Try clearing any caches that might affect the JWKS endpoint. 6. Server Logs: Check the server logs where the JWKS endpoint is hosted to see if there are any errors or warnings that could provide more insight into the issue. If you have verified all the above and still face issues, please let me know.
Uglyer
UglyerOP6mo ago
@Oli - Kinde thanks for the reply! After some more testing and running the jwks-rsa code locally I've found that the CryptoKey returned is not extractable. My endpoint does return a json object with a keys value in it. However when it's fed into the jwks-rsa package it doesn't find a signing key. Apparently the CryptoKey is not extractable. Is this something that is set on Kinde's side when creating the jwks key?
Oli - Kinde
Oli - Kinde6mo ago
Hey @Uglyer, I will get one of my team mates who is more of an expert in this area to look into this and get back to you
Uglyer
UglyerOP6mo ago
This may be an issue with Bun. I just tried to verify the token with pnpm and it seemed to have worked. Confirmed its an issue with using Bun . The package jose doesn't work well with Bun yet and jose is used within jwks-rsa
Oli - Kinde
Oli - Kinde6mo ago
Hey @Uglyer, Sorry for the delayed response. I just want to confirm whether you are still experiencing an issue?
Uglyer
UglyerOP6mo ago
Yes when using Bun but I've switched back to Nodejs for this project because of this issue
Oli - Kinde
Oli - Kinde6mo ago
Hey @Uglyer, Would you be able to send over a code sample of your issue using Bun so my team mates can reproduce this issue? The smaller the code sample the better
Uglyer
UglyerOP6mo ago
@Oli - Kinde Hey I'm sorry I never got back around to this. I haven't had time to create the example again but it was literally just following the example in the docs. The issue is with Bun and the jose package which is a dependency inside of the jwks-rsa package that is recommended in the docs in order to verify that webhook requests are coming from Kinde
Oli - Kinde
Oli - Kinde5mo ago
Hey @Uglyer,
Hey I'm sorry I never got back around to this. I haven't had time to create the example again but it was literally just following the example in the docs.
No need to apologise. Are you able to point me to the example in the docs you are talking about?
Uglyer
UglyerOP5mo ago
@Oli - Kinde https://docs.kinde.com/integrate/webhooks/webhooks-nextjs/ This example is what I followed although I was using https://bun.sh/ with https://hono.dev/ instead of Nextjs
Kinde docs
Set up webhooks using NextJS
Our developer tools provide everything you need to get started with Kinde.
Bun
Bun — A fast all-in-one JavaScript runtime
Bundle, install, and run JavaScript & TypeScript — all in Bun. Bun is a new JavaScript runtime with a native bundler, transpiler, task runner, and npm client built-in.
Hono is a small, simple, and ultrafast web framework for the Edges. It works on Cloudflare Workers, Fastly Compute, Deno, Bun, Vercel, Netlify, AWS Lambda, Lambda@Edge, and Node.js. Fast, but not only fast.
Oli - Kinde
Oli - Kinde5mo ago
Thanks for sending over the doc. I will pass this feedback onto my team. I know you are unblocked by using node.js, but please reach out if you become blocked by any issues again
Want results from more Discord servers?
Add your server