Silhouette 5.0.7


#1

I’ve switched from mohiva play silhouette 5.0.0 to 5.0.7, and now I get this error:

com.mohiva.play.silhouette.api.exceptions.AuthenticatorInitializationException: [Silhouette][jwt-authenticator] Could not init authenticator: JWTAuthenticator(0a9ccf13aa05d98e23b80457e6eea1231dfb83704d13416d42ec2360efd1555c1177dde470c536142dd53c47bb271a19b23edbdb86e7dca817890c441c0f0831c89c71075bb5a58db12aa7362a96eefb1b6be728ce5d0fd8b8a3322214c4005dfd61c5db0d14f1217d7d61bcc08867b5986bb416533e86767e66a29602fb3e71,LoginInfo(credentials,postman@user),2019-02-04T22:38:10.124+02:00,2020-02-04T20:38:10.124Z,Some(14 days),None)

Has anyone encountered this issue?


#2

Hi,

do you always get the error or only on an existing authenticator? The JWT dependencies were updated in 5.0.3. Maybe this is an issue.

Best regards,
Christian


#3

First of all, I am testing my endpoints with newman, and I use JWTAuthenticator in my authentication mechanism. I also tried a while back to upgrade from 5.0.0 to 5.0.6; the problem was the same. But now, when Google is switching off G+, the pressure is higher.


#4

Should I create an issue on GitHub?


#5

It looks like the JWT dependencies are to blame for this. Steps I’ve done:

  • Download mohiva-play library

  • Revert commit 7f5ac41b13e42f6c3dbf47987054e57b8a730e8a

  • Publish library on my local machine

  • Test my app

After publishing locally, the issue was gone. May I suggest reverting that commit, and have a new version to fix that?


#6

Hi,

the upgrade of the JWT lib fixes some security issues: https://github.com/mohiva/play-silhouette/issues/534

Have you tried to create a new JWT token and test your API with that? I don’t think there is an issue with Silhouette itself. I think that your token isn’t valid anymore. And if a token isn’t valid anymore, then the user must authenticate again. Normally your stack trace should provide more information.

Best regards,
Christian


#7

Here is the stack trace:

com.mohiva.play.silhouette.api.exceptions.AuthenticatorInitializationException: [Silhouette][jwt-authenticator] Could not init authenticator: JWTAuthenticator(9352ded405653c3284311b7e3116bc51cec7abcdb762913b0664f3f9d477e992175df120b1abd784258dd63c198dc82df0149d3935fb7ab7bd8d74c14632ccc3ff5e2a636e42fc49edfee1283dadea73d35d4d27726c9ad58571a0c4eb0ef30cbee387666875302a7019ba3d6cb8f9bc4ded78ac3b45a94b27ea82d64c2b3c77,LoginInfo(credentials,another@postman),2019-02-08T21:02:02.324+02:00,2020-02-08T19:02:02.324Z,Some(14 days),None)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticatorService$$anonfun$init$4.applyOrElse(JWTAuthenticator.scala:297)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticatorService$$anonfun$init$4.applyOrElse(JWTAuthenticator.scala:296)
	at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:34)
	at scala.util.Failure.recover(Try.scala:230)
	at scala.concurrent.Future.$anonfun$recover$1(Future.scala:391)
	at scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:29)
	at scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:29)
	at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
	at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
	at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
Caused by: com.atlassian.jwt.exception.JwtMalformedSharedSecretException: Failed to create MAC signer with the provided secret key
	at com.atlassian.jwt.core.writer.NimbusJwtWriterFactory.createMACSigner(NimbusJwtWriterFactory.java:74)
	at com.atlassian.jwt.core.writer.NimbusJwtWriterFactory.macSigningWriter(NimbusJwtWriterFactory.java:49)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticator$.serialize(JWTAuthenticator.scala:114)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticatorService.$anonfun$init$3(JWTAuthenticator.scala:295)
	at scala.util.Success.$anonfun$map$1(Try.scala:251)
	at scala.util.Success.map(Try.scala:209)
	at scala.concurrent.Future.$anonfun$map$1(Future.scala:288)
	at scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:29)
	at scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:29)
	at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
Caused by: com.nimbusds.jose.KeyLengthException: The secret length must be at least 256 bits
	at com.nimbusds.jose.crypto.MACProvider.<init>(MACProvider.java:118)
	at com.nimbusds.jose.crypto.MACSigner.<init>(MACSigner.java:127)
	at com.nimbusds.jose.crypto.MACSigner.<init>(MACSigner.java:143)
	at com.atlassian.jwt.core.writer.NimbusJwtWriterFactory.createMACSigner(NimbusJwtWriterFactory.java:70)
	at com.atlassian.jwt.core.writer.NimbusJwtWriterFactory.macSigningWriter(NimbusJwtWriterFactory.java:49)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticator$.serialize(JWTAuthenticator.scala:114)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticatorService.$anonfun$init$3(JWTAuthenticator.scala:295)
	at scala.util.Success.$anonfun$map$1(Try.scala:251)
	at scala.util.Success.map(Try.scala:209)
	at scala.concurrent.Future.$anonfun$map$1(Future.scala:288)

#8

I’ve been able to overcome my issue. The whole thing was due to the update of the JWT libraries, which require the password hash to have 256 bits.
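
The length requirement behind the `KeyLengthException` in the stack trace above, written as a startup check plus a generator for a compliant secret. This is an added example, not part of the thread and not Silhouette's code; the object and method names are hypothetical, and it assumes the string secret is turned into key bytes as UTF-8, so the limit applies to bytes, not characters.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.SecureRandom
import java.util.Base64

// Hypothetical helper: run it against the configured JWT shared secret at
// application start, before the authenticator service is first used.
object JwtSecretCheck {
  // Minimum HMAC key size named in the stack trace ("at least 256 bits").
  val MinSecretBits = 256

  /** Size of the secret in bits once encoded as UTF-8 (assumed encoding). */
  def secretBits(secret: String): Int = secret.getBytes(UTF_8).length * 8

  /** Left(reason) if the MAC signer would reject the secret, Right(bits) otherwise. */
  def validate(secret: String): Either[String, Int] = {
    val bits = secretBits(secret)
    if (bits < MinSecretBits)
      Left(s"shared secret is $bits bits; at least $MinSecretBits required")
    else
      Right(bits)
  }

  /** 32 bytes from a CSPRNG, Base64url-encoded without padding (43 ASCII chars). */
  def generate(): String = {
    val raw = new Array[Byte](MinSecretBits / 8)
    new SecureRandom().nextBytes(raw)
    Base64.getUrlEncoder.withoutPadding.encodeToString(raw)
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample secrets, not values from the thread.
    val samples = Seq(
      "changeme",  // 8 bytes: rejected
      "a" * 31,    // 248 bits: rejected, one byte short
      "a" * 32,    // 256 bits: accepted by length, but low entropy
      "é" * 16,    // 16 chars, 2 bytes each in UTF-8: 256 bits
      generate()   // random secret that always meets the limit
    )
    // Print only the character count and the verdict, never the secret.
    samples.foreach(s => println(s"${s.length} chars -> ${validate(s)}"))
  }
}
```

Passing the length check says nothing about entropy, so a generated random value is preferable to a padded password. Changing the secret invalidates every token signed with the old one, and those users must authenticate again.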