Silhouette 5.0.7

I’ve switched from mohiva play silhouette 5.0.0 to 5.0.7, and now I get this error:

com.mohiva.play.silhouette.api.exceptions.AuthenticatorInitializationException: [Silhouette][jwt-authenticator] Could not init authenticator: JWTAuthenticator(0a9ccf13aa05d98e23b80457e6eea1231dfb83704d13416d42ec2360efd1555c1177dde470c536142dd53c47bb271a19b23edbdb86e7dca817890c441c0f0831c89c71075bb5a58db12aa7362a96eefb1b6be728ce5d0fd8b8a3322214c4005dfd61c5db0d14f1217d7d61bcc08867b5986bb416533e86767e66a29602fb3e71,LoginInfo(credentials,postman@user),2019-02-04T22:38:10.124+02:00,2020-02-04T20:38:10.124Z,Some(14 days),None)

Has anyone encountered this issue?

Hi,

do you always get the error or only on an existing authenticator? The JWT dependencies were updated in 5.0.3. Maybe this is an issue.

Best regards,
Christian

First of all, I am testing my endpoints with newman, and I use JWTAuthenticator in my authentication mechanism. I also tried a while back to upgrade from 5.0.0 to 5.0.6, and the problem was the same. But now that Google is switching off G+, the pressure is higher.

Should I create an issue on GitHub?

It looks like the JWT dependencies are to blame for this. Steps I’ve done:

  • Download mohiva-play library

  • Revert commit 7f5ac41b13e42f6c3dbf47987054e57b8a730e8a

  • Publish library on my local machine

  • Test my app

After publishing locally, the issue was gone. May I suggest reverting that commit, and have a new version to fix that?

Hi,

the upgrade of the JWT lib fixes some security issues: https://github.com/mohiva/play-silhouette/issues/534

Have you tried to create a new JWT token and test your API with that? I don’t think there is an issue with Silhouette itself. I think that your token isn’t valid anymore. And if a token isn’t valid anymore, then the user must authenticate again. Normally your stack trace should provide more information.

Best regards,
Christian

Here is the stack trace:

com.mohiva.play.silhouette.api.exceptions.AuthenticatorInitializationException: [Silhouette][jwt-authenticator] Could not init authenticator: JWTAuthenticator(9352ded405653c3284311b7e3116bc51cec7abcdb762913b0664f3f9d477e992175df120b1abd784258dd63c198dc82df0149d3935fb7ab7bd8d74c14632ccc3ff5e2a636e42fc49edfee1283dadea73d35d4d27726c9ad58571a0c4eb0ef30cbee387666875302a7019ba3d6cb8f9bc4ded78ac3b45a94b27ea82d64c2b3c77,LoginInfo(credentials,another@postman),2019-02-08T21:02:02.324+02:00,2020-02-08T19:02:02.324Z,Some(14 days),None)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticatorService$$anonfun$init$4.applyOrElse(JWTAuthenticator.scala:297)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticatorService$$anonfun$init$4.applyOrElse(JWTAuthenticator.scala:296)
	at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:34)
	at scala.util.Failure.recover(Try.scala:230)
	at scala.concurrent.Future.$anonfun$recover$1(Future.scala:391)
	at scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:29)
	at scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:29)
	at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
	at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
	at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
Caused by: com.atlassian.jwt.exception.JwtMalformedSharedSecretException: Failed to create MAC signer with the provided secret key
	at com.atlassian.jwt.core.writer.NimbusJwtWriterFactory.createMACSigner(NimbusJwtWriterFactory.java:74)
	at com.atlassian.jwt.core.writer.NimbusJwtWriterFactory.macSigningWriter(NimbusJwtWriterFactory.java:49)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticator$.serialize(JWTAuthenticator.scala:114)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticatorService.$anonfun$init$3(JWTAuthenticator.scala:295)
	at scala.util.Success.$anonfun$map$1(Try.scala:251)
	at scala.util.Success.map(Try.scala:209)
	at scala.concurrent.Future.$anonfun$map$1(Future.scala:288)
	at scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:29)
	at scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:29)
	at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
Caused by: com.nimbusds.jose.KeyLengthException: The secret length must be at least 256 bits
	at com.nimbusds.jose.crypto.MACProvider.<init>(MACProvider.java:118)
	at com.nimbusds.jose.crypto.MACSigner.<init>(MACSigner.java:127)
	at com.nimbusds.jose.crypto.MACSigner.<init>(MACSigner.java:143)
	at com.atlassian.jwt.core.writer.NimbusJwtWriterFactory.createMACSigner(NimbusJwtWriterFactory.java:70)
	at com.atlassian.jwt.core.writer.NimbusJwtWriterFactory.macSigningWriter(NimbusJwtWriterFactory.java:49)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticator$.serialize(JWTAuthenticator.scala:114)
	at com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticatorService.$anonfun$init$3(JWTAuthenticator.scala:295)
	at scala.util.Success.$anonfun$map$1(Try.scala:251)
	at scala.util.Success.map(Try.scala:209)
	at scala.concurrent.Future.$anonfun$map$1(Future.scala:288)

I’ve been able to overcome my issue. The whole thing was due to the update of the JWT libraries, which require the password hash to have 256 bits.
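
The root cause in the stack trace above is `KeyLengthException: The secret length must be at least 256 bits`. As an added example (not part of the thread, and not Silhouette or Nimbus code), this standard-library Python code mirrors that minimum for HS256 and shows that a token signed under one secret stops verifying once the secret is replaced; the sample secret, the claims and the UTF-8 byte-length measurement are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

MIN_HS256_KEY_BITS = 256  # minimum named in the KeyLengthException message


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def secret_bits(secret: str) -> int:
    # Assumption: the secret is measured as UTF-8 bytes, not characters.
    return len(secret.encode("utf-8")) * 8


def sign_hs256(claims: dict, secret: str) -> str:
    """Build a compact HS256 JWT, refusing secrets under 256 bits."""
    bits = secret_bits(secret)
    if bits < MIN_HS256_KEY_BITS:
        raise ValueError(f"secret is {bits} bits, need >= {MIN_HS256_KEY_BITS}")
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    tag = hmac.new(secret.encode("utf-8"), signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(tag)}"


def verify_hs256(token: str, secret: str) -> bool:
    """Recompute the MAC over header.payload and compare in constant time."""
    try:
        header, payload, sig = token.split(".")
        signing_input = f"{header}.{payload}".encode("ascii")
    except ValueError:  # wrong segment count or non-ASCII input
        return False
    tag = hmac.new(secret.encode("utf-8"), signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(_b64url(tag).encode(), sig.encode())


def new_secret() -> str:
    # 32 random bytes encode to 43 URL-safe characters (344 bits as UTF-8).
    return secrets.token_urlsafe(32)


# Constructed sample values, not taken from the thread.
OLD_SECRET = "changeme-dev-secret"  # 19 bytes = 152 bits, below the minimum
CLAIMS = {"sub": "user@example.test", "exp": 1893456000}
```

Tokens issued before the secret is replaced fail verification afterwards, so clients have to authenticate again to obtain a new token.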