esp: ESP Runtime JWT Key Verification doesn't work for v1.25.0

The latest runtime version released (v1.25.0) introduces a bug into JWT key verification. I don’t exactly know where it’s coming from, but I suspect it is in the base64Decode functionality modified in this commit: https://github.com/cloudendpoints/esp/commit/351f8244f5b12a973050d8b0d614d94f1d02c6be

Our organization recently updated to v1.25.0 and it has brought down our whole development and staging environments. Reverting back to ESP runtime v1.24.0 fixes the issue in both of our organizations environments.

This is the error we’re seeing on all of our services on v1.25.0:

{
    "code": 16,
    "message": "JWT validation failed: KEY_RETRIEVAL_ERROR",
    "details": [
        {
            "@type": "type.googleapis.com/google.rpc.DebugInfo",
            "stackEntries": [],
            "detail": "auth"
        }
    ]
}

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 24 (15 by maintainers)

Most upvoted comments

@jon-whit Thanks for reporting this.

We will investigate. In the mean time, we have reverted the docker image back to v1.24.0 and deleted all v1.25 and v1.25.0 images

+1
qiwzhang on Oct 18, 2018
Read more comments on GitHub
← esp: CORS not working with gRPC endpoints
hue: AttributeError: 'Config' object has no attribute 'get' with HUE 3.9 on CentOS 7.1 →