InvalidTokenError: Failed to fetch authorization server metadata #132

Open
4 tasks done
SaiMadhav9494 opened this issue Jan 18, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@SaiMadhav9494

Checklist

  • I have looked into the Readme and Examples, and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

I have been using this library to validate access tokens and recently started to get a 401 error saying "Failed to fetch authorization server metadata".

As I started to dig into the library code, I found that the discovery method is failing to fetch the OpenID and OAuth configs.

Note: I have verified my issuer URL and it seems to be good.

Pasting the error being thrown inside the catch block of the discover method:

AggregateError: 
    at internalConnectMultiple (node:net:1114:18)
    at internalConnectMultiple (node:net:1177:5)
    at Timeout.internalConnectMultipleTimeout (node:net:1687:3)
    at listOnTimeout (node:internal/timers:575:11)
    at processTimers (node:internal/timers:514:7) {
  code: 'ETIMEDOUT',
  [errors]: [
    Error: connect ETIMEDOUT 104.19.167.24:443
        at createConnectionError (node:net:1634:14)
        at Timeout.internalConnectMultipleTimeout (node:net:1685:38)
        at listOnTimeout (node:internal/timers:575:11)
        at processTimers (node:internal/timers:514:7) {
      errno: -110,
      code: 'ETIMEDOUT',
      syscall: 'connect',
      address: '104.19.167.24',
      port: 443
    },
    Error: connect ENETUNREACH 2606:4700::6813:a718:443 - Local (:::0)
        at internalConnectMultiple (node:net:1176:40)
        at Timeout.internalConnectMultipleTimeout (node:net:1687:3)
        at listOnTimeout (node:internal/timers:575:11)
        at processTimers (node:internal/timers:514:7) {
      errno: -101,
      code: 'ENETUNREACH',
      syscall: 'connect',
      address: '2606:4700::6813:a718',
      port: 443
    },
    Error: connect ETIMEDOUT 104.19.168.24:443
        at createConnectionError (node:net:1634:14)
        at Timeout.internalConnectMultipleTimeout (node:net:1685:38)
        at listOnTimeout (node:internal/timers:575:11)
        at processTimers (node:internal/timers:514:7) {
      errno: -110,
      code: 'ETIMEDOUT',
      syscall: 'connect',
      address: '104.19.168.24',
      port: 443
    },
    Error: connect ENETUNREACH 2606:4700::6813:a818:443 - Local (:::0)
        at internalConnectMultiple (node:net:1176:40)
        at Timeout.internalConnectMultipleTimeout (node:net:1687:3)
        at listOnTimeout (node:internal/timers:575:11)
        at processTimers (node:internal/timers:514:7) {
      errno: -101,
      code: 'ENETUNREACH',
      syscall: 'connect',
      address: '2606:4700::6813:a818',
      port: 443
    }
  ]
}

I am assuming the timeout (5000 ms) specified inside the fetch method is causing it to fail and throw, because when I tried to fetch the OpenID configs using curl with the specific URL https://{issuer_base_url}/.well-known/openid-configuration, I was able to get the configs.

Reproduction

  1. Generate an auth0 access token and append to the authorization header of the request: authorization: Bearer access_token.
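  2. Use the express-oauth2-jwt-bearer library to validate the token.

import type { Request, Response } from 'express';
import { auth as auth0 } from 'express-oauth2-jwt-bearer';
import { promisify } from 'util';

// ISSUER_BASE_URL and AUDIENCE are defined elsewhere in the application.
async function validateAuth0Token(req: Request, res: Response) {
  // auth0() returns Express middleware; promisify lets it be awaited.
  const validateToken = promisify(
    auth0({
      issuerBaseURL: ISSUER_BASE_URL,
      audience: AUDIENCE,
      tokenSigningAlg: 'RS256',
    }),
  );

  await validateToken(req, res);
}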

Additional context

No response

express-oauth2-jwt-bearer version

1.6.0

Node.js version

20.10.0

@SaiMadhav9494 SaiMadhav9494 added the bug Something isn't working label Jan 18, 2024
@SaiMadhav9494
Author

Tried removing the timeoutDuration and still getting the same error.

Also tried this package and getting the same error. Not sure if I need to bring this up with the Auth0 community.

@abhi07sh

abhi07sh commented Jul 4, 2024

Any solution for this?

@walosha

walosha commented Jul 5, 2024

same issue

@abhi07sh

abhi07sh commented Jul 6, 2024

I solved it by setting NODE_TLS_REJECT_UNAUTHORIZED to 0

@walosha

walosha commented Jul 6, 2024

> I solved it by setting NODE_TLS_REJECT_UNAUTHORIZED to 0

Just tried again this morning and it worked. No changes made to my app.
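
The failure reported in this thread, triaged in code as an added example (it is not part of the issue or of express-oauth2-jwt-bearer; `classifyDiscoveryFailure`, `assertTlsVerificationEnabled` and the sample error are hypothetical names and constructed data). It separates connect-level failures such as the ETIMEDOUT/ENETUNREACH entries in the trace from certificate errors, and refuses to run with NODE_TLS_REJECT_UNAUTHORIZED=0, which turns off certificate verification for every HTTPS request in the process, including the metadata fetch that tells the validator where its signing keys are.

```javascript
// Added example: triage for the discovery-fetch failure shown in this issue.
// All names are hypothetical; the sample error uses documentation addresses.
const NETWORK_CODES = new Set(['ETIMEDOUT', 'ENETUNREACH', 'EHOSTUNREACH', 'ECONNREFUSED', 'ENOTFOUND', 'EAI_AGAIN']);
const TLS_CODES = new Set(['CERT_HAS_EXPIRED', 'DEPTH_ZERO_SELF_SIGNED_CERT', 'SELF_SIGNED_CERT_IN_CHAIN',
  'UNABLE_TO_VERIFY_LEAF_SIGNATURE', 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY', 'ERR_TLS_CERT_ALTNAME_INVALID']);

// Flatten AggregateError.errors and Error.cause into a list of leaf errors.
function leafErrors(err, seen = new Set()) {
  if (!err || typeof err !== 'object' || seen.has(err)) return [];
  seen.add(err);
  const children = [...(Array.isArray(err.errors) ? err.errors : []), ...(err.cause ? [err.cause] : [])];
  if (children.length === 0) return [err];
  return children.flatMap((child) => leafErrors(child, seen));
}

// Decide which layer failed: TCP/DNS ("network") or certificate checks ("tls").
function classifyDiscoveryFailure(err) {
  const leaves = leafErrors(err);
  const codes = [...new Set(leaves.map((e) => e.code).filter(Boolean))].sort();
  const atConnect = leaves.length > 0 && leaves.every((e) => e.syscall === 'connect');
  let layer = 'unknown';
  if (codes.some((c) => TLS_CODES.has(c))) layer = 'tls';
  else if (codes.length > 0 && codes.every((c) => NETWORK_CODES.has(c))) layer = 'network';
  // A connect()-level failure happens before any certificate is presented,
  // so certificate verification settings cannot be its cause.
  return { layer, codes, certificateRelated: layer === 'tls', failedBeforeTls: layer === 'network' && atConnect };
}

// Startup guard: NODE_TLS_REJECT_UNAUTHORIZED=0 disables certificate
// verification process-wide, so token validation should not run under it.
function assertTlsVerificationEnabled(env = process.env) {
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    throw new Error('NODE_TLS_REJECT_UNAUTHORIZED=0: refusing to validate tokens with TLS verification disabled');
  }
  return true;
}

// Constructed sample with the same shape as the AggregateError in the report.
const sampleError = Object.assign(new AggregateError([
  Object.assign(new Error('connect ETIMEDOUT 192.0.2.10:443'), { code: 'ETIMEDOUT', syscall: 'connect', address: '192.0.2.10', port: 443 }),
  Object.assign(new Error('connect ENETUNREACH 2001:db8::10:443'), { code: 'ENETUNREACH', syscall: 'connect', address: '2001:db8::10', port: 443 }),
]), { code: 'ETIMEDOUT' });

console.log(classifyDiscoveryFailure(sampleError));
```

A `network` result points at egress rules, proxy settings or IPv4/IPv6 routing on the host; a `tls` result points at the trust store, for which Node's `NODE_EXTRA_CA_CERTS` variable adds a CA without disabling verification.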
