From 0e0dd2437b6f11596c9e410c81e6a46e3024dd4a Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Wed, 25 May 2022 22:23:05 +0200
Subject: [PATCH] providers/oauth2: handle attribute errors when validation JWK
 contains private key

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/providers/oauth2/views/token.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index 72b13a33b..c73669919 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -311,8 +311,10 @@ class TokenParams:
                             "verify_aud": False,
                         },
                     )
-                except (InvalidTokenError, ValueError, TypeError) as last_exc:
-                    LOGGER.warning("failed to validate jwt", last_exc=last_exc)
+                # AttributeError is raised when the configured JWK is a private key
+                # and not a public key
+                except (InvalidTokenError, ValueError, TypeError, AttributeError) as exc:
+                    LOGGER.warning("failed to validate jwt", exc=exc)
 
         if not token:
             LOGGER.warning("No token could be verified")