Note: This article is out of date and has been archived.
For the latest information, please see guidance on token validation.
Archived Text
Summary
ADR failed to find a matching key in the JWKS when confirming DH consent.
Details
The ADR’s system was unable to validate the ID Token returned by the DH during an authorisation flow. The decrypted auth id_token included a “kid” property that did not match any key in the DH’s public JWKS, so the ID Token failed verification.
The root cause was that the DH rotates its JWT keys on a regular basis, while the ADR was validating against cached JWT keys that had become outdated after a rotation.
As a solution, the ADR adjusted its JWKS caching policy to take the DH’s regular JWT key rotation into account.
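One way to make a JWKS cache tolerate rotation, shown as an added example (not the ADR's actual implementation, which this article does not describe): refetch the DH's JWKS when a token's kid is missing from the cache, with a floor between forced refetches so tokens carrying arbitrary kid values cannot drive unbounded fetches. The class name, the TTL and interval values, and the sample kids are assumptions; signature verification itself is out of scope here.

```python
import time

class JwksCache:
    """Cache of a DH's public JWKS, indexed by kid, that tolerates key rotation."""

    def __init__(self, fetch_jwks, ttl=3600, min_refresh_interval=60,
                 clock=time.monotonic):
        self._fetch = fetch_jwks              # callable returning {"keys": [...]}
        self._ttl = ttl                       # assumed max age of cached keys (s)
        self._min_interval = min_refresh_interval  # floor between forced refetches
        self._clock = clock
        self._keys = {}
        self._fetched_at = None

    def _refresh(self):
        jwks = self._fetch()
        self._keys = {k["kid"]: k for k in jwks.get("keys", []) if "kid" in k}
        self._fetched_at = self._clock()

    def get_key(self, kid):
        """Return the JWK for kid, refetching if the cache is stale or kid is unknown."""
        now = self._clock()
        age = None if self._fetched_at is None else now - self._fetched_at
        if age is None or age >= self._ttl:
            self._refresh()
        elif kid not in self._keys and age >= self._min_interval:
            # Unknown kid: the DH has probably rotated since the last fetch.
            self._refresh()
        if kid not in self._keys:
            raise KeyError(f"kid {kid!r} not in DH JWKS; reject the ID Token")
        return self._keys[kid]


def demo_rotation():
    """Constructed scenario: DH rotates from kid 'dh-2023-01' to 'dh-2023-02'."""
    published = {"keys": [{"kid": "dh-2023-01", "kty": "RSA"}]}
    fetches = []
    now = [0.0]
    def fetch():                              # stands in for an HTTPS GET of jwks_uri
        fetches.append(now[0])
        return published

    cache = JwksCache(fetch, clock=lambda: now[0])
    cache.get_key("dh-2023-01")               # first lookup populates the cache
    published = {"keys": [{"kid": "dh-2023-02", "kty": "RSA"}]}  # DH rotates
    now[0] = 300.0                            # 5 minutes later, well inside the TTL
    key = cache.get_key("dh-2023-02")         # unknown kid triggers a refetch
    return key["kid"], len(fetches)
```

A cache that only honours the TTL would have rejected the second token until the hour expired, which is the failure described above.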
| Impact | Unable to create consent. |
| Workaround | None |
| Participants involved | ADR & DH |