500 Error: /api/jwt/vend
-
I'm attempting to use the /api/jwt/vend endpoint and getting a 500 ERROR as a response. This seems very similar/identical to [this] previous report.
Here is the error from the logs:
2022-05-29 10:31:28.498 PM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
java.lang.NullPointerException: Cannot read field "keyId" because "this.request" is null
    at io.fusionauth.app.action.api.jwt.VendAction.validate(VendAction.java:53)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:414)
    at org.primeframework.mvc.validation.DefaultValidationProcessor.validate(DefaultValidationProcessor.java:77)
    at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:46)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:81)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:50)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:52)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:57)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:102)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:58)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:44)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:126)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at org.primeframework.mvc.workflow.StaticResourceWorkflow.perform(StaticResourceWorkflow.java:97)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at org.primeframework.mvc.parameter.RequestBodyWorkflow.perform(RequestBodyWorkflow.java:91)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:64)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at io.fusionauth.app.primeframework.CORSFilter.doFilter(CORSFilter.java:262)
    at io.fusionauth.app.primeframework.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:49)
    at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
    at io.fusionauth.app.primeframework.FusionAuthMVCWorkflow.perform(FusionAuthMVCWorkflow.java:86)
    at org.primeframework.mvc.workflow.DefaultWorkflowChain.continueWorkflow(DefaultWorkflowChain.java:44)
    at org.primeframework.mvc.servlet.FilterWorkflowChain.continueWorkflow(FilterWorkflowChain.java:50)
    at org.primeframework.mvc.servlet.PrimeFilter.doFilter(PrimeFilter.java:78)
    at com.inversoft.maintenance.servlet.MaintenanceModePrimeFilter.doFilter(MaintenanceModePrimeFilter.java:63)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at com.inversoft.servlet.UTF8Filter.doFilter(UTF8Filter.java:27)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:367)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:639)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:881)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1647)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:833)
Request Attempts:
curl -vvv -X POST -H 'Authorization: ##api_key##' -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##instance_url##/api/jwt/vend?client_id=##client_id##&client_secret=##client_secret##'
curl -vvv -X POST -H 'X-FusionAuth-TenantId: ##tenant_id##' -H 'Authorization: ##api_key##' -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##instance_url##/api/jwt/vend?client_id=##client_id##&client_secret=##client_secret##'
curl -vvv -X POST -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##url##/api/jwt/vend?client_id=##client_id##&client_secret=##client_secret##'
curl -vvv -X POST -H 'Authorization: ##api_key##' -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##url##/api/jwt/vend'
Instance Details:
Version: 1.36.4
Latest version:
Nodes: 1
Runtime mode: Development
Host: Ubuntu 18.04.5 LTS (GNU/Linux 5.4.0-1048-azure x86_64)
Reverse Proxy: nginx
-
Hmmm.
Do you see the same issues when you don't put the parameters on the request?
The vend API doesn't require them. It is designed to create arbitrary JWTs signed by FusionAuth managed keys, and there's need to tie such JWTs to an account. If you want the aud or applicationId claim to be set to an application client Id, you need those values in the body.
-
@dan no matter how I change the request (including no query string) if I remove the Authorization header it gives me a 401, otherwise I get the same 500 error.
-
@support-0 Ah, I think you need to use -H 'Content-type: application/json' as well. Otherwise curl sends the post as form parameters, which doesn't work.
I'll file a bug about the 500 error, we shouldn't return that, though.
-
@dan ah! That worked. Thanks. Your timing is uncanny, I just pushed a fake JWT creator awaiting this fix. Switching back to FA for my anon users
-
@dan How do I mark this as [resolved]?
-
@support-0 I think you have to mark it as a question and then mark it as an answered question.
-
Bug filed here: https://github.com/FusionAuth/fusionauth-issues/issues/1740
-
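Added example, not part of the thread and not FusionAuth's code: a Python sketch of the failure mode discussed above, where a body sent with curl's default `application/x-www-form-urlencoded` type is never bound to a JSON request object, next to a validation step that answers with a 400 instead of an unhandled exception. The function names, the error shapes, and which fields are treated as mandatory are assumptions made for the illustration.

```python
import json

# Constructed sample: the JSON body from the thread's curl commands.
BODY = ('{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", '
        '"timeToLiveInSeconds": 300, "claims": {"sub": "test", "roles": ["anonymous"]}}')
# What `curl -d` sends when no Content-Type header is given.
CURL_DEFAULT = {"Content-Type": "application/x-www-form-urlencoded"}
JSON_HEADERS = {"Content-Type": "application/json"}


def bind_body(headers, body):
    """Bind the body only when it is declared as JSON and parses to an object."""
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if ctype.split(";")[0].strip().lower() != "application/json":
        return None  # form-encoded or missing type: nothing is bound
    try:
        obj = json.loads(body)
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None


def vend_unchecked(headers, body):
    """Failure mode from the log: validation reads a field of an unbound request."""
    request = bind_body(headers, body)
    try:
        return 200, {"keyId": request["keyId"]}
    except TypeError:  # Python's analogue of the NullPointerException in the log
        return 500, {"error": "unhandled exception"}


def vend_checked(headers, body):
    """Hardened validation: unbound or incomplete requests get a 400, never a 500."""
    request = bind_body(headers, body)
    if request is None:
        return 400, {"error": "send a JSON object with Content-Type: application/json"}
    errors = {}
    # Assumption for this example: claims and a positive TTL are mandatory.
    if not isinstance(request.get("claims"), dict):
        errors["claims"] = "missing or not an object"
    ttl = request.get("timeToLiveInSeconds")
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
        errors["timeToLiveInSeconds"] = "must be a positive integer"
    if errors:
        return 400, {"fieldErrors": errors}
    return 200, {"accepted": sorted(request)}
```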