Navigation

    FusionAuth
    • Login
    • Search
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs

    SOLVED Issue with istio and FusionAuth

    Q&A
    istio kubernetes
    1
    2
    138
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dan
      dan last edited by

      We're trying to use FusionAuth with istio and oauth2-proxy to protect resources in kubernetes. We have another idp that we are using, and the system works fine.

      But when we try to use FusionAuth, we see these messages:

      No valid authentication in request. Initiating login.

....

Error redeeming code during OAuth2 callback: could not verify id_token: failed to verify token: failed to verify signature: failed to verify id token signature

      Not quite sure where to go from here.

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      dan 1 Reply Last reply Reply Quote 0
      • dan
        dan @dan last edited by

        There are a couple of things to check:

        • make sure that you've updated the issuer at the tenant screen: https://fusionauth.io/docs/v1/tech/core-concepts/tenants#general
        • make sure you are using an asymmetric keypair to sign the id token. If you are using HMAC, which is the default for FusionAuth, you have to share a secret. Asymmetric algorithms like RSA256 are what proxies typically need (so they don't have to have the signing secret). More here: https://fusionauth.io/docs/v1/tech/core-concepts/applications#jwt and here: https://fusionauth.io/docs/v1/tech/core-concepts/key-master

        Hope that helps.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • Topic has been marked as solved  dan dan 
        • First post
          Last post