Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-13748

Firefox login through OAUTH (social providers, openam) got 500 ERROR InvalidJwtException

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 7.0.0, 6.0.0.4, 6.5.0.1
    • Fix Version/s: None
    • Labels:
      None
    • Environment:
      Firefox Quantum 69.0

      Description

      When using login through Firefox, JWT token seems to be invalid.
      With same deployment, latest Chrome doesn't have such issue

      WARNING: Resource exception: 500 Internal Server Error: "Invalid token"
      org.forgerock.json.resource.InternalServerErrorException: Invalid token
      	at org.forgerock.openidm.idp.IdentityProviderService.actionInstance(IdentityProviderService.java:355)
      	at org.forgerock.json.resource.InterfaceSingletonHandler.handleAction(InterfaceSingletonHandler.java:26)
      	at org.forgerock.json.resource.Router.handleAction(Router.java:251)
      	at org.forgerock.json.resource.Router.handleAction(Router.java:251)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:44)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:44)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.authz.DelegatedAdminFilter.lambda$filterAction$0(DelegatedAdminFilter.java:187)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:260)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:224)
      	at org.forgerock.openidm.authz.DelegatedAdminFilter.filterRequest(DelegatedAdminFilter.java:260)
      	at org.forgerock.openidm.authz.DelegatedAdminFilter.filterAction(DelegatedAdminFilter.java:187)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.audit.filter.AuditFilter.lambda$filterAction$0(AuditFilter.java:119)
      	at org.forgerock.openidm.audit.filter.AuditFilter.logAuditAccessEntry(AuditFilter.java:175)
      	at org.forgerock.openidm.audit.filter.AuditFilter.filterAction(AuditFilter.java:119)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3.lambda$filterAction$0(ServletConnectionFactory.java:379)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3.handleRequestWithLogging(ServletConnectionFactory.java:431)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3.filterAction(ServletConnectionFactory.java:379)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.router.filter.PassthroughFilter.filterAction(PassthroughFilter.java:42)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.router.filter.PassthroughFilter.filterAction(PassthroughFilter.java:42)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:226)
      	at org.forgerock.json.resource.InternalConnection.actionAsync(InternalConnection.java:29)
      	at org.forgerock.json.resource.AbstractConnectionWrapper.actionAsync(AbstractConnectionWrapper.java:74)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$InternalConnectionWrapper.lambda$actionAsync$11(ServletConnectionFactory.java:357)
      	at org.forgerock.openidm.metrics.MetricsCollector.time(MetricsCollector.java:112)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$InternalConnectionWrapper.time(ServletConnectionFactory.java:292)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$InternalConnectionWrapper.actionAsync(ServletConnectionFactory.java:357)
      	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:136)
      	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:82)
      	at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:181)
      	at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:128)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:260)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:249)
      	at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:713)
      	at org.forgerock.json.resource.http.HttpAdapter.doAction(HttpAdapter.java:619)
      	at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:281)
      	at org.forgerock.http.handler.Handlers$HandlerDescribableAsDescribableHandler.handle(Handlers.java:146)
      	at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:69)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.routing.Router.handle(Router.java:100)
      	at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:63)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.openidm.auth.ProfileEnhancementCheckFilter.filter(ProfileEnhancementCheckFilter.java:146)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.openidm.auth.LoginCountFilter.filter(LoginCountFilter.java:63)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:260)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:249)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
      	at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
      	at org.forgerock.openidm.auth.AuthFilterWrapper.filter(AuthFilterWrapper.java:87)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:86)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:264)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
      	at org.forgerock.openidm.jetty.LargePayloadServletFilter.doFilter(LargePayloadServletFilter.java:64)
      	at sun.reflect.GeneratedMethodAccessor91.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.forgerock.openidm.servletregistration.impl.ServletRegistrationSingleton$FilterProxy.invoke(ServletRegistrationSingleton.java:309)
      	at com.sun.proxy.$Proxy64.doFilter(Unknown Source)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:311)
      	at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:265)
      	at sun.reflect.GeneratedMethodAccessor91.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.forgerock.openidm.servletregistration.impl.ServletRegistrationSingleton$FilterProxy.invoke(ServletRegistrationSingleton.java:309)
      	at com.sun.proxy.$Proxy64.doFilter(Unknown Source)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
      	at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
      	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:293)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
      	at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)
      	at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:690)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      	at org.eclipse.jetty.server.Server.handle(Server.java:503)
      	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
      	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
      	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
      	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
      	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
      	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: org.forgerock.oauth.OAuthException: Invalid token
      	at org.forgerock.openidm.idp.TokenDataStore.retrieveData(TokenDataStore.java:99)
      	at org.forgerock.openidm.idp.IdentityProviderService.handlePostAuth(IdentityProviderService.java:459)
      	at org.forgerock.openidm.idp.IdentityProviderService.actionInstance(IdentityProviderService.java:341)
      	... 123 more
      Caused by: org.forgerock.tokenhandler.InvalidTokenException: Invalid token
      	at org.forgerock.json.jose.tokenhandler.JwtTokenHandler.validateAndExtractClaims(JwtTokenHandler.java:170)
      	at org.forgerock.json.jose.tokenhandler.JwtTokenHandler.validateAndExtractState(JwtTokenHandler.java:143)
      	at org.forgerock.openidm.idp.TokenDataStore.retrieveData(TokenDataStore.java:97)
      	... 125 more
      Caused by: org.forgerock.json.jose.exceptions.InvalidJwtException: not right number of dots, 1
      	at org.forgerock.json.jose.common.JwtReconstruction.reconstructJwt(JwtReconstruction.java:63)
      	at org.forgerock.json.jose.builders.JwtBuilderFactory.reconstruct(JwtBuilderFactory.java:73)
      	at org.forgerock.json.jose.tokenhandler.JwtTokenHandler.validateAndExtractClaims(JwtTokenHandler.java:153)
      	... 127 more 

        Attachments

          Activity

            People

            • Assignee:
              brmiller Brendan Miller
              Reporter:
              michal.orlik@profiq.cz Michal Orlik
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: