Navigation

    FusionAuth
    • Login
    • Search
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs

    SOLVED 500 Error: /api/jwt/vend

    General Discussion
    2
    8
    479
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      support 0 last edited by support 0

      I'm attempting to use the /api/jwt/vend endpoint and getting a 500 ERROR as a response. This seems very similar/identical to [this] previous report.

      Here is the error from the logs:

      2022-05-29 10:31:28.498 PM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
      java.lang.NullPointerException: Cannot read field "keyId" because "this.request" is null
      	at io.fusionauth.app.action.api.jwt.VendAction.validate(VendAction.java:53)
      	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
      	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
      	at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:414)
      	at org.primeframework.mvc.validation.DefaultValidationProcessor.validate(DefaultValidationProcessor.java:77)
      	at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:46)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:81)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:50)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:52)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:57)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:102)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:58)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:44)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:126)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at org.primeframework.mvc.workflow.StaticResourceWorkflow.perform(StaticResourceWorkflow.java:97)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at org.primeframework.mvc.parameter.RequestBodyWorkflow.perform(RequestBodyWorkflow.java:91)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:64)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at io.fusionauth.app.primeframework.CORSFilter.doFilter(CORSFilter.java:262)
      	at io.fusionauth.app.primeframework.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:49)
      	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
      	at io.fusionauth.app.primeframework.FusionAuthMVCWorkflow.perform(FusionAuthMVCWorkflow.java:86)
      	at org.primeframework.mvc.workflow.DefaultWorkflowChain.continueWorkflow(DefaultWorkflowChain.java:44)
      	at org.primeframework.mvc.servlet.FilterWorkflowChain.continueWorkflow(FilterWorkflowChain.java:50)
      	at org.primeframework.mvc.servlet.PrimeFilter.doFilter(PrimeFilter.java:78)
      	at com.inversoft.maintenance.servlet.MaintenanceModePrimeFilter.doFilter(MaintenanceModePrimeFilter.java:63)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at com.inversoft.servlet.UTF8Filter.doFilter(UTF8Filter.java:27)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:367)
      	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:639)
      	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
      	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:881)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1647)
      	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
      	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.base/java.lang.Thread.run(Thread.java:833)
      

      Request Attempts:

      curl -vvv -X POST -H 'Authorization: ##api_key##' -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##instance_url##/api/jwt/vend?client_id=##client_id##&client_secret=##client_secret##'
      
      curl -vvv -X POST -H 'X-FusionAuth-TenantId: ##tenant_id##' -H 'Authorization: ##api_key##' -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##instance_url##/api/jwt/vend?client_id=##client_id##&client_secret=##client_secret##'
      
      curl -vvv -X POST -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##url##/api/jwt/vend?client_id=##client_id##&client_secret=##client_secret##'
      
      curl -vvv -X POST -H 'Authorization: ##api_key##' -d '{"keyId": "fafdc79b-d058-4e93-99d9-759e40b03711", "timeToLiveInSeconds":300, "claims":{"sub":"test","roles":["anonymous"]}}' 'https://##url##/api/jwt/vend'
      

      Instance Details:
      Version: 1.36.4
      Latest version:
      Nodes: 1
      Runtime mode: Development
      Host: Ubuntu 18.04.5 LTS (GNU/Linux 5.4.0-1048-azure x86_64)
      Reverse Proxy: nginx

      dan 1 Reply Last reply Reply Quote 0
      • dan
        dan @support 0 last edited by

        @support-0

        Hmmm.

        Do you see the same issues when you don't put the parameters on the request?

        The vend API doesn't require them. It is designed to create arbitrary JWTs signed by FusionAuth managed keys, and there's need to tie such JWTs to an account. If you want the aud or applicationId claim to be set to an application client Id, you need those values in the body.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        S 1 Reply Last reply Reply Quote 0
        • S
          support 0 @dan last edited by

          @dan no matter how I change the request (including no query string) if I remove the Authorization header it gives me a 401, otherwise i get the same 500 error.

          dan 1 Reply Last reply Reply Quote 0
          • dan
            dan @support 0 last edited by

            @support-0 Ah, I think you need to use -H 'Content-type: application/json' as well. Otherwise curl sends the post as form parameters, which doesn't work.

            I'll file a bug about the 500 error, we shouldn't return that, though.

            --
            FusionAuth - Auth for devs, built by devs.
            https://fusionauth.io

            S dan 3 Replies Last reply Reply Quote 0
            • S
              support 0 @dan last edited by

              @dan ah! That worked. Thanks. Your timing is uncanny, I just pushed a fake JWT creator awaiting this fix. Switching back to FA for my anon users 🙂

              1 Reply Last reply Reply Quote 0
              • S
                support 0 @dan last edited by

                @dan How do I mark this as [resolved]?

                dan 1 Reply Last reply Reply Quote 0
                • dan
                  dan @support 0 last edited by

                  @support-0 I think you have to mark it as a question and then mark it as an answered question.

                  --
                  FusionAuth - Auth for devs, built by devs.
                  https://fusionauth.io

                  1 Reply Last reply Reply Quote 0
                  • dan
                    dan @dan last edited by

                    Bug filed here: https://github.com/FusionAuth/fusionauth-issues/issues/1740

                    --
                    FusionAuth - Auth for devs, built by devs.
                    https://fusionauth.io

                    1 Reply Last reply Reply Quote 0
                    • Topic has been marked as a question  S support 0 
                    • Topic has been marked as solved  S support 0 
                    • First post
                      Last post