Failure getting .well-known/jwks.json

Help
,
1

I’ve checked out some of the related answers, with no luck finding an answer.
I’m running a Nodejs backend using JsonWebToken.

My issue is that fairly often I’m getting:

JsonWebTokenError: error in secret or public key callback: socket hang up
at .../node_modules/jsonwebtoken/verify.js:96:1

Which seems to be an issue with getting the keys from my jwksUri: https://{myDomain}.us.auth0.com/.well-known/jwks.json

It looks like auth0 is not always available at that URL, so I was wondering if there’s anything I could do to prevent this issue.

For the record, I’m using the jwksClient with cache set to true and cacheMaxEntries set to 1000, which should be ok for my current traffic.

Any insight would be much appreciated!

3

Hi @brianz,

Can you provide us with the date/time of the failed attempts so I can look into it further?

4

There were a couple of instances, but one that I could find was at:
timestamp: "2021-04-26T15:37:42.025698Z"

5

Hi @dan.woda,

Any updates on this? I’m also facing the same issue at random occassions. The last time it occurred was at 11:35 AM CST November 12 2021. This is the error that I’m getting:

jwks Fetching signing key for <kid> +0ms
jwks Fetching keys from 'https://{myDomain}.us.auth0.com/.well-known/jwks.json' +0ms
jwks Failure: Error: socket hang up
    at connResetException (node:internal/errors:691:14)
    at TLSSocket.socketCloseListener (node:_http_client:420:25)
    at TLSSocket.emit (node:events:402:35)
    at TLSSocket.emit (node:domain:475:12)
    at node:net:672:12
    at TCP.done (node:_tls_wrap:580:7) {
  code: 'ECONNRESET'

I’m using both the jsonwebtoken and jwks-rsa libraries to handle the validation of the access token. The issue seems to happen when I call the getSigningKey function from the jwks-rsa library.

6

Hi @ale.ferrera,

Are you still experiencing this issue? I don’t see any incidents on our side related to this.

7

Hi, just bumping this saying we’re also getting this error. It happened a few times over the last couple of weeks, here’s the latest with a timestamp on it

2022-06-29_14-21_659x34

Thank you

8

Have been seeing this error a bit more here in July, last one today (x4), July 12th at 10:50:16 CDT

image
image1620×112 20.9 KB

All Central Daylight Time

July 11 @ 15:54:08
July 8 @ 21:01:52
July 8 @ 16:23:08
July 7 @ 14:48:14
July 7 @ 14:01:59
July 7 @ 13:06:59
July 7 @ 11:12:30
Jul 6, 2022 3:10:22 PM CDT
Jul 6, 2022 3:10:13 PM CDT
Jul 6, 2022 2:52:37 PM CDT
Jul 6, 2022 2:41:52 PM CDT
Jul 6, 2022 1:34:12 PM CDT
Jul 6, 2022 12:47:24 PM CDT
Jul 6, 2022 10:06:44 AM CDT
Jul 5, 2022 3:21:09 PM CDT
Jun 30, 2022 2:46:33 PM CDT
Jun 29, 2022 2:56:27 PM CDT
Jun 29, 2022 2:47:28 PM CDT
Jun 29, 2022 11:13:07 AM CDT
Jun 29, 2022 10:02:50 AM CDT

The requests are coming from GCP. I know the internet isn’t perfect, is it possible to add a retry to the client?

9

We are still seeing errors on the endpoint intermittently. Here is one from today (Central Daylight Time)

image
image1742×200 36.4 KB

10

Hi @brett2,

Which SDK are you using?

12

node, import jwksClient from 'jwks-rsa';
“jwks-rsa”: “^2.0.5”,

Usage: https://github.com/ThatConference/that-api/blob/master/src/security/jwt.js

1 Like
13

@brett2

Could you also DM me the name of the tenant?

14

we are facing the same problem… it just occasionally occurs, truggle to understand what’s the cause

15

@konrad.sopala Based on your linked faq as enabling cache as a solution (JsonWebTokenError: error in secret or public key callback: socket hang up - jwks-rsa)

Isn’t cache enabled by default?
So am I to assume if someone is still seeing this issue, adding or increasing cache isn’t a solution? Simply trying to understand. Thank you.