Ledger API with Auth0 JWKS gives Authorization error
Hi,
I’m running sandbox locally with --auth-jwt-rs256-jwks pointed to a valid Auth0 JWKS. When the client tries to connect using a valid token from Auth0, I see an error saying
“c.d.ledger.api.auth.AuthServiceJWT$ - Authorization error: Could not verify JWT token: The Token’s Signature resulted invalid when verified using the Algorithm: SHA256withRSA”
I verified the token on jwt.io and the signature is valid. Also used Auth0 JWT lib to validate the token and it seems fine. I believe the same lib (GitHub - auth0/java-jwt: Java implementation of JSON Web Token (JWT)) is used in Ledger API implementation.
What could be the possible reason for Ledger API to reject this connection? Am I missing something?
Your help is much appreciated. Thanks!
Thanks for the response @bernhard. Yes, I double checked it’s RS256 and the algorithm matches. Please let me know if you need further details.
Hi @Theja,
Normally there would be security issues with sharing the token, but I think in this case it should be fine as the token is only valid for a temporary, local sandbox.
Would you mind sharing both the token you’re using and the JWKS URL of your Auth0 tenant? Once we’re done debugging, you can delete that tenant and create a new one with a working configuration, which should address any security concern.
Alternatively, if this tenant is not one you can destroy (say, it’s already used for something else), would you mind creating a new, temporary tenant on which you can reproduce the issue and sharing that one? From the Auth0 console, you can create a new tenant from the dropdown in the top left.
Thanks @Gary_Verhaegen for the response. I’m closing this issue here as it is related to the client-side configuration of the access token. Apologies.
It is working as expected.