🐛 Bug Report: Integration with EspoCRM fails due to missing KID in the jwks.json #475

New Issue

Closed

opened 2025-10-08 00:10:18 +03:00 by OVERLORD · 1 comment

OVERLORD commented 2025-10-08 00:10:18 +03:00

Owner

Copy Link

Originally created by @redispade on GitHub.

Reproduction steps

I added pocket-id as OIDC provider in EspoCRM. It authenticates the user but when returning to Espo then fails with a 500 error.
You can replicate this with your own selfhosted espocrm instance or reach out to me for testing.

Expected behavior

.well-known/jwks.json should have the KID value(but I don't know how exactly that works)

Actual Behavior

I enabled debugging in Espo and I get this:
[2024-10-08 11:11:05] CRITICAL: (0) Bad JWK value. :: GET /App/user :: /var/www/html/application/Espo/Core/Authentication/Jwt/Keys/Rsa.php(56)

which goes down to this line of code that checks if any of the values (KID or KTY) are missing
9613437895/application/Espo/Core/Authentication/Jwt/Keys/Rsa.php (L56)

I checked the json on my instance and indeed it's missing KID value(KTY is present as RSA)

Originally created by @redispade on GitHub. ### Reproduction steps I added pocket-id as OIDC provider in EspoCRM. It authenticates the user but when returning to Espo then fails with a 500 error. You can replicate this with your own selfhosted espocrm instance or reach out to me for testing. ### Expected behavior .well-known/jwks.json should have the KID value(but I don't know how exactly that works) ### Actual Behavior I enabled debugging in Espo and I get this: `[2024-10-08 11:11:05] CRITICAL: (0) Bad JWK value. :: GET /App/user :: /var/www/html/application/Espo/Core/Authentication/Jwt/Keys/Rsa.php(56)` which goes down to this line of code that checks if any of the values (KID or KTY) are missing https://github.com/espocrm/espocrm/blob/96134378955a47ef1359ec38e3c755eeeff9bc5f/application/Espo/Core/Authentication/Jwt/Keys/Rsa.php#L56 I checked the json on my instance and indeed it's missing KID value(KTY is present as RSA)

OVERLORD added the bug label 2025-10-08 00:10:18 +03:00

OVERLORD closed this issue 2025-10-08 00:10:19 +03:00

OVERLORD commented 2025-10-08 00:10:22 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

Thanks for reporting. This should be fixed in v0.8.1.

@stonith404 commented on GitHub: Thanks for reporting. This should be fixed in `v0.8.1`.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/restrict-email-one-time-access

oidc-scopes

breaking/v2

i18n_crowdin

v2/use-item-component

default-env-db-keys

slog-gorm

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id-pocket-id-1#475