Failed to fetch public keys to validate JWT

,

We have implemented Secure your API using Spring Security 5 and Auth0. But sometimes when we try to deploy the API service or Server Machine restarts, the API Service is failing to deploy because the service is not able to fetch Public Keys using the issue URI and below is the exception we get to see.

org.springframework.security.authentication.AuthenticationServiceException: An error occurred while attempting to decode the Jwt: Couldn't retrieve remote JWK set: org.springframework.web.client.UnknownHttpStatusCodeException: 530 Server Error: "Internal Edge Error"

The error could be Auth0 returning 503 status code with error “Internal Edge Error” instead returning public keys to validate the JWT.

How to avoid this?

Hi @rkrishna,

You can cache the JWKs locally and only update when they are expired/rotated. This should help to mitigate the issue.

Hi @dan.woda,

Thanks for the hint.

But, it was managed by

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
    </dependency>

and have no control over it.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.