Failed to fetch public keys to validate JWT

rkrishna · October 26, 2022, 10:10am

We have implemented Secure your API using Spring Security 5 and Auth0. But sometimes when we try to deploy the API service or Server Machine restarts, the API Service is failing to deploy because the service is not able to fetch Public Keys using the issue URI and below is the exception we get to see.

org.springframework.security.authentication.AuthenticationServiceException: An error occurred while attempting to decode the Jwt: Couldn't retrieve remote JWK set: org.springframework.web.client.UnknownHttpStatusCodeException: 530 Server Error: "Internal Edge Error"

The error could be Auth0 returning 503 status code with error “Internal Edge Error” instead returning public keys to validate the JWT.

How to avoid this?

dan.woda · October 28, 2022, 5:27pm

Hi @rkrishna,

You can cache the JWKs locally and only update when they are expired/rotated. This should help to mitigate the issue.

rkrishna · October 28, 2022, 5:40pm

Hi @dan.woda,

Thanks for the hint.

But, it was managed by

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
    </dependency>

and have no control over it.