FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Jwks doesn't have key to match kid or alg from JWT (client credentials token)

    Scheduled Pinned Locked Moved
    General Discussion
    jwks jwt keys client creds
    1
    2
    4.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vlad.koshkarov
      last edited by

      Good day FusionAuth Team!

      I followed the instructions to configure and test OAuth Client Credentials Grant with Entities [https://fusionauth.io/docs/v1/tech/oauth/#example-client-credentials-grant], but the JWT access token that was produced has a kid that is not in our JWKS endpoint (/.well-known/jwks.json), therefore we can't pass authentication in our system.

      On the same tenant, when a user logs in with the Authorization Code Grant Flow with PKCE, the key is signed with the kid that is in the JWKS endpoint (/.well-known/jwks.json). So everything works fine.

      Am I missing something here?

      Thank you.

      V 1 Reply Last reply Reply Quote 0
      • V
        vlad.koshkarov @vlad.koshkarov
        last edited by

        The tenant is using the "Default signing key (HS256)" for the access token.

        1 Reply Last reply Reply Quote 0
        • V vlad.koshkarov deleted this topic on
        • J johnathon restored this topic on
        • First post
          Last post