I have a Go backend that uses GitHub user zett-8’s go-clean-echo as a template. Their template uses a middleware explicitly using Auth0. I have a React frontend that properly uses Auth0 for login and for getting JWT tokens to interact with the backend, which uses an Auth0 API in the JWT middleware.
The middleware is as follows:
```go
package middlewares

import (
	"fmt"
	"net/http"
	"net/url"
	"os"
	"strings"
	"time"

	"tlmgateway/configs"

	"github.com/auth0/go-jwt-middleware/v2/jwks"
	"github.com/auth0/go-jwt-middleware/v2/validator"
	"github.com/labstack/echo/v4"
	// "github.com/zett-8/go-clean-echo/configs"
)

// JwtMiddleware builds an Echo middleware that validates Auth0-issued bearer tokens.
func JwtMiddleware() (echo.MiddlewareFunc, error) {
	// auth0Config := configs.Auth0Config
	auth0Config := configs.Auth0ConfigType{
		Domain:             os.Getenv("AUTH0_DOMAIN"),             // my tenant domain
		ClientID:           os.Getenv("AUTH0_CLIENTID"),           // client ID for my single-page application
		Audience:           []string{os.Getenv("AUTH0_AUDIENCE")}, // identifier URL for my custom API
		Issuer:             os.Getenv("AUTH0_DOMAIN"),             // my tenant domain
		SignatureAlgorithm: validator.RS256,
		CacheDuration:      15 * time.Minute,
	}

	issuerURL, err := url.Parse(auth0Config.Issuer)
	if err != nil {
		return nil, err
	}

	// The provider fetches and caches the signing keys published for the issuer.
	provider := jwks.NewCachingProvider(issuerURL, auth0Config.CacheDuration)

	jwtValidator, err := validator.New(
		provider.KeyFunc,
		auth0Config.SignatureAlgorithm,
		issuerURL.String(),
		auth0Config.Audience,
	)
	if err != nil {
		return nil, err
	}

	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			authorization := c.Request().Header.Get("Authorization")
			if authorization == "" {
				return echo.NewHTTPError(http.StatusUnauthorized, "No Authorization Header")
			}

			if !strings.HasPrefix(authorization, "Bearer ") {
				return echo.NewHTTPError(http.StatusUnauthorized, "Invalid Authorization Header")
			}

			token := strings.TrimPrefix(authorization, "Bearer ")
			// Debug output: writes the raw bearer token to stdout.
			fmt.Printf("\nToken: %s\n\n", token)

			claims, err := jwtValidator.ValidateToken(c.Request().Context(), token)
			if err != nil {
				fmt.Printf("\n%s\n\n", err)
				// logger.Error("Invalid Token: ", zap.Error(err))
				return echo.NewHTTPError(http.StatusUnauthorized, "Invalid Token")
			}

			// Make the validated claims available to downstream handlers.
			c.Set("claims", claims.(*validator.ValidatedClaims))
			return next(c)
		}
	}, nil
}
```
The call to `jwtValidator.ValidateToken` causes an error, which is the following:

```
failed to deserialize token claims: error getting the keys from the key func: could not get well known endpoints from url <my_domain>/.well-known/openid-configuration: Get "<my_domain>/.well-known/openid-configuration": unsupported protocol scheme ""
```
The token generated by `getAccessTokenSilently` on my frontend is valid, as confirmed by https://jwt.io/
While I have been able to find vanishingly little information on this particular error (essentially, one forum post here where the user said they just gave up), I have the feeling it has something to do with the configuration of the tenant/domain.
What might be the root cause(s) of this error, and how might I address them?
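
The `unsupported protocol scheme ""` text in the error above is what Go's `net/http` reports for a request URL with no scheme, which is what `url.Parse` yields for a bare domain. As an added example (not part of the original post or of go-jwt-middleware), here is a fail-fast check on the issuer value before it reaches `jwks.NewCachingProvider`; `issuerFromDomain` and `example.auth0.com` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// issuerFromDomain (hypothetical helper) turns a configured tenant domain or
// URL into the absolute https issuer URL used for JWKS discovery and iss checks.
func issuerFromDomain(raw string) (*url.URL, error) {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return nil, errors.New("issuer is empty")
	}
	// A bare domain parses without error, but with Scheme == "" and the host
	// in Path; the later HTTP GET fails with: unsupported protocol scheme "".
	if !strings.Contains(raw, "://") {
		raw = "https://" + raw
	}
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("parse issuer: %w", err)
	}
	if u.Scheme != "https" {
		return nil, fmt.Errorf("issuer scheme must be https, got %q", u.Scheme)
	}
	if u.Host == "" {
		return nil, errors.New("issuer has no host")
	}
	// The iss claim is matched as an exact string; Auth0 tokens carry it as
	// https://<tenant-domain>/ with the trailing slash.
	if !strings.HasSuffix(u.Path, "/") {
		u.Path += "/"
	}
	return u, nil
}

func main() {
	// Constructed sample inputs; example.auth0.com is a placeholder tenant.
	for _, in := range []string{"example.auth0.com", "https://example.auth0.com", "http://example.auth0.com/", ""} {
		if u, err := issuerFromDomain(in); err != nil {
			fmt.Printf("%q rejected: %v\n", in, err)
		} else {
			fmt.Printf("%q -> %s\n", in, u)
		}
	}
}
```

Running the check at startup turns a misconfigured issuer into a configuration error instead of a 401 on every request.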