providers/oauth2: handle attribute errors when validation JWK contains private key

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 22:23:05 +02:00 · 2022-05-25 22:23:05 +02:00 · 0e0dd2437b
parent e42386b150
commit 0e0dd2437b
1 changed files with 4 additions and 2 deletions
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@ -311,8 +311,10 @@ class TokenParams:
                            "verify_aud": False,
                        },
                    )
-                except (InvalidTokenError, ValueError, TypeError) as last_exc:
-                    LOGGER.warning("failed to validate jwt", last_exc=last_exc)
+                # AttributeError is raised when the configured JWK is a private key
+                # and not a public key
+                except (InvalidTokenError, ValueError, TypeError, AttributeError) as exc:
+                    LOGGER.warning("failed to validate jwt", exc=exc)

        if not token:
            LOGGER.warning("No token could be verified")