科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>jwt - Krakend suddenly returns 401: “[JWTValidator] Unable to validate the token: no Keys have been found” with Keycloak - Stack

    jwt - Krakend suddenly returns 401: “[JWTValidator] Unable to validate the token: no Keys have been found” with Keycloak - Stack

    programmeradmin3浏览0评论

    I'm experiencing an issue with Krakend and Keycloak where JWT validation suddenly fails, and I start receiving 401 responses. The error in the logs is:

    [JWTValidator] Unable to validate the token: no Keys have been found

    Setup Details:

    Environment: Both Keycloak and Krakend are running in Docker containers.

    JWT Token: The token I'm using is (for reference)

    eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOUnpvNFl3dHN4WU0xd05MbjNhXzdrYl9iN0djRVU0VUxaZlJjQWxnR3NrIn0.eyJleHAiOjE3NDI0MTUyODEsImlhdCI6MTc0MjQwODA4MSwianRpIjoiMDE2NTQzMDYtYzVkNS00ZjYwLWFlMTAtODgyNzg1MjJjZjcwIiwiaXNzIjoiaHR0cDovL2tleWNsb2FrOjgwODEvcmVhbG1zL2tyYWtlbmQiLCJzdWIiOiI1YmZhMDBiOC0yMjBiLTQxMGMtYTM5Ni0zYTNlODFiMTg0ODciLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiI0YTJmMjU1Yi0xNTI2LTQ3NWMtYjkwMS1mOTI2YmU5ZTIyYmEiLCJzY29wZSI6IiIsImNsaWVudEFkZHJlc3MiOiIxOTIuMTY4LjE0OC44IiwiY2xpZW50X2lkIjoiNGEyZjI1NWItMTUyNi00NzVjLWI5MDEtZjkyNmJlOWUyMmJhIn0.BoCtvGwePU45c_TElzVdxKnjW1HvYRKpj0D8Mhaxm4rSbX3ODstEmmbKoMhym5TMUyoTWm4RRLeVvokROWXnmp5_IxertsudbnDCoOQHOcdtiAxg5Opa2hoS6sVvDk6zPZK4S-kvavoVMAFgw0uPicC6YD5cpUP8oyN0FZdvotvLbnyzzwLPGUDJ9jj84tk-gtAl48Z5KIxJhlXEd5Yd4s3usXKgzJgDWrvGPPu_t1VVbM85A7ft9TMqcbj88yzzrruuSRbf5TOYeMz5ccae2Ev0uh2MT9NgWBlcObINSRGXC1iBb3Jf6fhS998TujkXfOA_pGqLjFIJGTv-Sw4yWA

    {
  "alg": "RS256",
  "typ": "JWT",
  "kid": "NRzo4YwtsxYM1wNLn3a_7kb_b7GcEU4ULZfRcAlgGsk"
}

    JWKS Endpoint Response: When I curl the JWKS endpoint from within the Krakend container:

    curl http://keycloak:8081/realms/krakend/protocol/openid-connect/certs

    i receive this response

    {
  "keys": [
    {
      "kid": "NRzo4YwtsxYM1wNLn3a_7kb_b7GcEU4ULZfRcAlgGsk",
      "kty": "RSA",
      "alg": "RS256",
      "use": "sig",
      "n": "2ht0gl9-_UKvRBhcxUcSgCI5njQP201VKyBqBtzqvqDClYZ6hkuOPVuDKlz4ls2JoKcPMaXLPyR-f8T-JggXL19ZDAyucv1HwXHQYLy5LSWJj0gDUNFG1ExjUkEBhryuJ47sZ6t_t3FvFpTX0CTMX0BFj8Xmj-oAm7mh6laWCiT3zJ-29p9CajLXr1cVvkiIuWzrB84UnLS4dCoSiw5k_C8kuh57fE03r8ErhxuYfzI_VvtzE-ED0QODKb4BXgXA7EBopK7uzc6DtPcXtCrUW-LR6NXpX0LGBZ-94EWfa21Wk_SV27-RG0w8h8RiZyAZqrWsNKEjHnW9hs-eW-pG0Q",
      "e": "AQAB",
      "x5c": [
        "MIICnTCCAYUCBgGUaQfa/TANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdrcmFrZW5kMB4XDTI1MDExNTA4MTMzMFoXDTM1MDExNTA4MTUxMFowEjEQMA4GA1UEAwwHa3Jha2VuZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANobdIJffv1Cr0QYXMVHEoAiOZ40D9tNVSsgagbc6r6gwpWGeoZLjj1bgypc+JbNiaCnDzGlyz8kfn/E/iYIFy9fWQwMrnL9R8Fx0GC8uS0liY9IA1DRRtRMY1JBAYa8rieO7Gerf7dxbxaU19AkzF9ARY/F5o/qAJu5oepWlgok98yftvafQmoy169XFb5IiLls6wfOFJy0uHQqEosOZPwvJLoee3xNN6/BK4cbmH8yP1b7cxPhA9EDgym+AV4FwOxAaKSu7s3Og7T3F7Qq1Fvi0ejV6V9CxgWfveBFn2ttVpP0ldu/kRtMPIfEYmcgGaq1rDShIx51vYbPnlvqRtECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEASS/DoyVc4zz9e4FM85MzZ2yGNWRv54ZRZ2qtJd9hwo/YtyKHcwyRh9hgRz0iSnKr4zfZljHJ3Rltr6x/YzHb9T7TERK1TpZtUzLkhBH3FLmGRLous0aF2hExYnW/8oM8y5bMClHvGiaWzxRoGLt0kQK5wc6r1d0ep2tnYBR86vuEkWJ/Df04hbHRE/k/fQjFeCO40KsN0oPz9fHkKrRn2Tw/5o5DVSAT17uXhqkzUkspVQbeJspucygmSqM9nA1Lhouhosjk5zuTibDbWF6oUs/r+boKs2ZStoUJFRXDCKJEtvyRLktCIaAmOrVUF8Jt1Ytf+LW7I80taRKc8wJvtQ=="
      ],
      "x5t": "_X7vlc52hYkF3j2bTwQKMBFp9-M",
      "x5t#S256": "S7fU1LyUOnsW8ImWRhoE0Z4JXLwz6PWHFPA9HbAqlWA"
    },
    {
      "kid": "dxQ-X_6x2mEOfrfmAQj5IEY2gN_1o_NYjJm56YvdQCA",
      "kty": "RSA",
      "alg": "RSA-OAEP",
      "use": "enc",
      "n": "r053slzVi3499OXCDCHuNaQGyO0TwOZsFULL-FqWMdtRXuXCinR8fyIprawa8ymMbop-pEnsJkKi8fMDYhHQ278uDwpLQSKFA3YgGJAlvgve09i_GfS_56kbtgWH6jj-jt76mPxZazxzCP9MuuL0PRWZohfuQiU-VwBqNwtE7YJoXIAEQrnkf6BAaeV_iNvknjlHTL4EHDyQOe9Kw8UUsybj5J-UF2yUwliBfGgY_EfgfMiwmo9Pkxe2pppfqZdDw_NXUnVOQ0R_5Dp0BecZN_OjmJBtGR_UnnGCCwho0qxoiRjRrzxkfMEQtSO5-eIRddcRXpelTKZST0xggCShLw",
      "e": "AQAB",
      "x5c": [
        "MIICnTCCAYUCBgGUaQfbZDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdrcmFrZW5kMB4XDTI1MDExNTA4MTMzMFoXDTM1MDExNTA4MTUxMFowEjEQMA4GA1UEAwwHa3Jha2VuZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9Od7Jc1Yt+PfTlwgwh7jWkBsjtE8DmbBVCy/haljHbUV7lwop0fH8iKa2sGvMpjG6KfqRJ7CZCovHzA2IR0Nu/Lg8KS0EihQN2IBiQJb4L3tPYvxn0v+epG7YFh+o4/o7e+pj8WWs8cwj/TLri9D0VmaIX7kIlPlcAajcLRO2CaFyABEK55H+gQGnlf4jb5J45R0y+BBw8kDnvSsPFFLMm4+SflBdslMJYgXxoGPxH4HzIsJqPT5MXtqaaX6mXQ8PzV1J1TkNEf+Q6dAXnGTfzo5iQbRkf1J5xggsIaNKsaIkY0a88ZHzBELUjufniEXXXEV6XpUymUk9MYIAkoS8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZiZ8ZAfeN+F5Htji5O+DO8EiI1+lizEVc2HgOmANWtangr4ww+k91JZ+6VDLxtT8q9NvoynQ1ba5ztbsYjOd/E3lES3GHQbKYTM0MPeyheGs7fX7LaDVIa0xusnHANwPjdNjEi/kCwANrXMVyGKw5PJgSAXamowa7vm5zVvyeYX/IWv/aCuh5b3VbtOsV0aaCtZLHAzrqbWMWUP/HbyKyCt4U/bu1coOmMpP7dqwVi87EkP6ZguWDDbFexEKhXFRpQ9xYrmAvGj9xBcOlOSOjQP1UHOm30MLlik4+EMotwnH+wKNJ7O9/FZGYAjeX6eYafLoMd6rkqztDYz2FezuTw=="
      ],
      "x5t": "a1HSuOboivROdg408K1Hfq5zg1c",
      "x5t#S256": "Z7rdzpbx7rIb7zmSS71o1RlFpTgEySGvbzxoM-8-B5o"
    }
  ]
}

    The token’s header kid matches the corresponding key in the JWKS response, so on the surface the configuration appears correct.

    What I’ve Tried:

    Verified that the JWKS endpoint is reachable from the Krakend container. Confirmed that the JWT’s header and payload (e.g., issuer) match the expected values. Enabled detailed logging via "operation_debug": true in Krakend. No recent changes have been made to the Keycloak or Krakend configurations.

    Question: What could be causing Krakend to fail token validation with the error [JWTValidator] Unable to validate the token: no Keys have been found? What additional debugging steps or configuration checks can I perform to resolve this issue?

    Any insights or suggestions are appreciated!

    继续浏览有关 的文章

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论