FusionAuth

    Cannot lookup public key for kid

    General Discussion
    • me

      Hello,
      I'm on FusionAuth version [1.20.1], launched with the provided docker-compose.yml.
      After a successful login, my backend service looks at the JWT and wants to verify the token by retrieving the corresponding public signing key.

      The JWT header says:

      {
        "alg": "HS256",
        "typ": "JWT",
        "kid": "52d751231"
      }
      

      But looking that key up results in Not Found:

      curl -i http://localhost:9011/api/jwt/public-key?kid=52d751231
      HTTP/1.1 404 
      

      But the kid mentioned above matches the Default signing key listed under http://localhost:9011/admin/key/ in the admin interface.

      Am I doing it wrong? How can I get the public signing key?

      • me @me

        @me found the missing piece here https://fusionauth.io/community/forum/topic/404/

        One has to generate a JWT signing key pair on the FA application in question.

        • dan

          Yup, you got it!

          And also HMAC keys will never be displayed in the public-key list. Since they are symmetric, displaying them in that list would let anyone viewing them sign JWTs indistinguishable from those signed by FusionAuth.

          --
          FusionAuth - Auth for devs, built by devs.
          https://fusionauth.io
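
Added example, not part of the original thread and not FusionAuth's own code: a verifier that reads the token's `alg` to decide whether a public-key lookup by `kid` can succeed at all, and that checks an HS256 token with the shared secret instead. The function names, the secret and the claims are constructed for illustration; only the header values and the `/api/jwt/public-key` path come from the posts above.

```python
import base64, hashlib, hmac, json

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def key_source(token):
    """Read the unverified header only to decide where the key must come from."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    alg, kid = str(header.get("alg", "")), header.get("kid")
    if alg in ("HS256", "HS384", "HS512"):
        # Symmetric: the secret is shared out of band and a public-key
        # endpoint has nothing to return for this kid.
        return ("shared-secret", kid)
    if alg[:2] in ("RS", "PS", "ES"):
        # Asymmetric: fetch by kid, e.g. /api/jwt/public-key?kid=<kid>
        return ("public-key", kid)
    return ("reject", kid)  # "none" or anything unrecognised

def verify_hs256(token, secret):
    """Return the claims if the HS256 signature is valid, else raise ValueError."""
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(head_b64))
    if header.get("alg") != "HS256":  # pin the algorithm the service expects
        raise ValueError("unexpected alg")
    signing_input = f"{head_b64}.{body_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))  # exp/iss/aud checks are the caller's job

def make_hs256(header, claims, secret):
    """Build a constructed sample token for the demonstration below."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    sig = hmac.new(secret, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed value, not a real key
    header = {"alg": "HS256", "typ": "JWT", "kid": "52d751231"}  # header from the first post
    token = make_hs256(header, {"sub": "constructed-user"}, secret)
    print(key_source(token))
    print(verify_hs256(token, secret))
```

Pinning `alg` in the verifier, rather than dispatching on whatever the header claims, keeps a token signed under one scheme from being accepted under another.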
