robsontenorio/laravel-keycloak-guard

"message": "[Keycloak Guard] Signature verification failed"

viveksudalai opened this issue · 6 comments

Hi, I am using Laravel 8.37.0 and Vue.js. I have installed and configured this package as per the instructions given in the README file, but I am getting the following error message when calling from Postman. Kindly check and help me resolve this issue.

"message": "[Keycloak Guard] Signature verification failed",
"exception": "KeycloakGuard\Exceptions\TokenException",
"file": "/opt/lampp/htdocs/archive/officer-hwn-web-robsontenorio/vendor/robsontenorio/laravel-keycloak-guard/src/KeycloakGuard.php",
"line": 41,

In my auth.php I have

    'defaults' => [
        'guard' => 'api',
        'passwords' => 'users',
    ],
    'guards' => [
        'api' => [
            'driver' => 'keycloak',
            'provider' => 'users',
            // 'hash' => false,
        ],
    ],
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],
    ],
In my config/keycloak.php I have

return [
    'realm_public_key' => env('KEYCLOAK_REALM_PUBLIC_KEY', "MII####"),

    'load_user_from_database' => env('KEYCLOAK_LOAD_USER_FROM_DATABASE', true),

    'user_provider_credential' => env('KEYCLOAK_USER_PROVIDER_CREDENTIAL', 'email'),

    'token_principal_attribute' => env('KEYCLOAK_TOKEN_PRINCIPAL_ATTRIBUTE', 'username'),

    'append_decoded_token' => env('KEYCLOAK_APPEND_DECODED_TOKEN', false),

    'allowed_resources' => env('KEYCLOAK_ALLOWED_RESOURCES', null),
];

In Postman Request

Method: GET
URL: 127.0.0.1:8000/api/v1/protected-endpoint
Authorization:
  Type: Bearer Token, Token: {{access_token}}
Body:
  username: "###user@###corp.com"
  password: test1
  grant_type: password

I am getting {"message":"Unauthenticated."} if I remove the Authorization. So let me know how to do authorization.

Are you getting your access token from Keycloak server or trying to authenticate on same Laravel app?

The "Signature verification failed" error occurs when the public key that signed the token doesn't match the key in your config.

I got the access token from Keycloak and am passing it in the API call below. My users table contains username and email columns, and I have the same user in both Keycloak and my local MySQL database.

Below is the API call from Postman

POST 127.0.0.1:8000/api/v1/protected-endpoint
Headers
  Postman-Token: <calculated when request is sent>
  Host: <calculated when request is sent>
  User-Agent: PostmanRuntime/7.26.8
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  Connection: keep-alive
  accept: application/json
  Content-Type: application/json
  Authorization: eyJhbGciOiJSUzI1NiIs.......
Body: none

Response
{"message":"Unauthenticated."}

@viveksudalai

[Keycloak Guard] Signature verification failed

Hi, I have run into this issue myself sometimes.

The problem: we have two Keycloak servers (development and production). So, sometimes by mistake I manually (in Postman) get a token from the wrong environment and try to use it in the other.

{"message":"Unauthenticated."}

You missed a word => Authorization: Bearer eyJhbGciOiJSUzI1NiIs.......

@robsontenorio
Hi,
I am getting the following error if I add the keyword "Bearer"

"message": "[Keycloak Guard] Signature verification failed",
"exception": "KeycloakGuard\Exceptions\TokenException",

Reviewing your first comment, I think you are misunderstanding the purpose of this package.

In Postman Request

Method: GET
URL: 127.0.0.1:8000/api/v1/protected-endpoint
Authorization:
  Type: Bearer Token, Token: {{access_token}}
Body:
  username: "###user@###corp.com"
  password: test1
  grant_type: password

  • This package only validates a token the client previously obtained from some Keycloak server.
  • The request headers to your API should "only contain" the Bearer token, not the user/client credentials themselves.
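To make the two points in this thread concrete, the following is an added example (written for this page in Go, not code from laravel-keycloak-guard, which is PHP). It models what the guard does with the Authorization header: strip the mandatory "Bearer " scheme, then verify the RS256 signature against the configured realm public key. A token minted by a different realm key (the dev/prod mix-up above) fails verification exactly as "Signature verification failed" does, and a bare token without the "Bearer" word is rejected before any verification. The dev/prod keys, the issuer URLs and the claims are generated or constructed here for illustration; the unverified-issuer helper is a diagnostic only, since nothing in an unverified payload can be trusted.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// extractBearer pulls the raw token out of an Authorization header value.
// The guard expects "Bearer <token>"; a bare token is rejected, which is
// what produces "Unauthenticated." when the scheme word is missing.
func extractBearer(header string) (string, error) {
	const scheme = "Bearer "
	if !strings.HasPrefix(header, scheme) {
		return "", errors.New("authorization header must be 'Bearer <token>'")
	}
	tok := strings.TrimSpace(strings.TrimPrefix(header, scheme))
	if tok == "" {
		return "", errors.New("empty bearer token")
	}
	return tok, nil
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// mintRS256 signs a JWT with priv, standing in for a Keycloak realm key.
// Claims (including "iss") are supplied by the caller; constructed test data.
func mintRS256(priv *rsa.PrivateKey, claims map[string]any) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64(hdr) + "." + b64(body)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64(sig), nil
}

// verifyRS256 checks the signature against the public key the API is
// configured with (realm_public_key). A token from another realm or server
// fails here with the same message the guard reports.
func verifyRS256(token string, pub *rsa.PublicKey) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return errors.New("malformed token: expected 3 segments")
	}
	hb, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hb, &hdr); err != nil {
		return err
	}
	if hdr.Alg != "RS256" { // pin the algorithm; never let the token choose it
		return fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return errors.New("Signature verification failed")
	}
	return nil
}

// issuerOf decodes the payload WITHOUT verifying it, purely as a diagnostic:
// when verification fails, "iss" shows which Keycloak realm minted the token.
func issuerOf(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	pb, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", err
	}
	var claims struct {
		Iss string `json:"iss"`
	}
	if err := json.Unmarshal(pb, &claims); err != nil {
		return "", err
	}
	return claims.Iss, nil
}

func main() {
	dev, _ := rsa.GenerateKey(rand.Reader, 2048)  // assumed dev realm key
	prod, _ := rsa.GenerateKey(rand.Reader, 2048) // assumed prod realm key
	tok, _ := mintRS256(dev, map[string]any{"iss": "https://dev.example/realms/demo"})
	fmt.Println("verify with dev key: ", verifyRS256(tok, &dev.PublicKey))
	fmt.Println("verify with prod key:", verifyRS256(tok, &prod.PublicKey))
	iss, _ := issuerOf(tok)
	fmt.Println("token issuer (unverified):", iss)
}
```

When the guard rejects a token, compare the unverified "iss" with the Keycloak URL whose realm public key you copied into KEYCLOAK_REALM_PUBLIC_KEY; a mismatch means the token was fetched from the other environment, and the fix is a new token from the right server, not a change to the API.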