Issue with Istio and FusionAuth
-
We're trying to use FusionAuth with Istio and oauth2-proxy to protect resources in Kubernetes. We have another IdP that we are using, and the system works fine.
But when we try to use FusionAuth, we see these messages:
No valid authentication in request. Initiating login. .... Error redeeming code during OAuth2 callback: could not verify id_token: failed to verify token: failed to verify signature: failed to verify id token signature
Not quite sure where to go from here.
-
There are a couple of things to check:
- make sure that you've updated the issuer at the tenant screen: https://fusionauth.io/docs/v1/tech/core-concepts/tenants#general
- make sure you are using an asymmetric keypair to sign the id token. If you are using HMAC, which is the default for FusionAuth, you have to share a secret. Asymmetric algorithms like RSA256 are what proxies typically need (so they don't have to have the signing secret). More here: https://fusionauth.io/docs/v1/tech/core-concepts/applications#jwt and here: https://fusionauth.io/docs/v1/tech/core-concepts/key-master
Hope that helps.
-
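Both checks from the answer above can be run against a captured id_token. The following is an added example, not part of the original thread: it decodes the token's header and payload without verifying the signature and reports an HMAC `alg` or an `iss` that differs from the issuer the proxy expects. The issuer URL, the function names and the sample tokens are constructed placeholders.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def diagnose_id_token(token: str, expected_issuer: str) -> list:
    """List configuration findings for an id_token. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWT: expected 3 dot-separated segments"]
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return [f"header or payload is not base64url-encoded JSON: {exc}"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header and payload must both be JSON objects"]
    findings = []
    alg = str(header.get("alg", ""))
    if alg.upper().startswith("HS"):
        findings.append(f"alg={alg}: HMAC-signed; a verifier without the shared secret cannot check it")
    elif alg.lower() in ("", "none"):
        findings.append("alg is missing or 'none': token is unsigned")
    iss = claims.get("iss")
    if iss != expected_issuer:  # issuer comparison is an exact string match
        findings.append(f"iss={iss!r} does not match expected issuer {expected_issuer!r}")
    return findings


def sample_token(alg: str, iss: str) -> str:
    # Constructed sample input: the third segment is a dummy, not a real signature.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc({'iss': iss, 'sub': 'constructed'})}.ZHVtbXk"


if __name__ == "__main__":
    issuer = "https://auth.example.com"  # placeholder for the issuer the proxy is configured with
    for tok in (sample_token("HS256", "acme.com"), sample_token("RS256", issuer)):
        print(diagnose_id_token(tok, issuer) or "alg and iss look consistent")
```

An empty result only means the `alg` and `iss` values are consistent with the proxy's configuration; the signature itself is still checked by the proxy against the published keys.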