There seems to be a problem with the Cloud s Hydra Visiting Ory Community #ory-network

There seems to be a problem with the Cloud's Hydra...

jolly-tiger-57705

09/21/2022, 8:25 AM

There seems to be a problem with the Cloud's Hydra. Visiting

.well-known/openid-configuration

returns:

Copy code

{
  "error": "server_error",
  "error_description": "The authorization server encountered an unexpected condition that prevented it from fulfilling the request. Could not ensure that signing keys for 'hydra.openid.id-token' exists. If you are running against a persistent SQL database this is most likely because your 'secrets.system' ('SECRETS_SYSTEM' environment variable) is not set or changed. When running with an SQL database backend you need to make sure that the secret is set and stays the same, unless when doing key rotation. This may also happen when you forget to run 'hydra migrate sql.."
}

jolly-tiger-57705

09/21/2022, 8:56 AM

hydra token user

eventually shows an error page:

Copy code

The request could not be executed because a mandatory configuration key is missing or malformed
You are seeing this page because configuration key urls.login is not set.

If you are an administrator, please read the guide to understand what you need to do. If you are a user, please contact the administrator.

fast-lunch-54279

09/21/2022, 9:50 AM

@able-glass-7253 can you take a look, please?

jolly-tiger-57705

09/21/2022, 1:43 PM

Any news?

able-glass-7253

09/21/2022, 1:52 PM

Thanks, I'll look into it

able-glass-7253

09/21/2022, 3:37 PM

@jolly-tiger-57705 @fast-lunch-54279 Thank you for sharing this issue. What I've found so far is that this affects projects that existed before the OAuth2 function release. We are working on a fix to resolve this.

jolly-tiger-57705

09/21/2022, 3:42 PM

I used to work, if its useful I can look for a date when it worked

able-glass-7253

09/21/2022, 3:47 PM

That would be useful. Can you confirm whether it worked more than one time? When I access

/.well-known/openid-configuration

on an existing project, it returns the configuration the first time, but errs on subsequent requests

jolly-tiger-57705

09/21/2022, 6:40 PM

I can NOT confirm it worked more than once, and might have worked 2022-09-15

jolly-tiger-57705

09/21/2022, 6:41 PM

Maybe even 2022-09-19

jolly-tiger-57705

09/26/2022, 11:38 AM

Nothing changed, still not working.

able-glass-7253

09/26/2022, 11:45 AM

Here's a quick fix that you can run before we fix this for all affected projects:

Copy code

$ curl -X DELETE https://<project_slug>.<http://projects.oryapis.com/admin/keys/hydra.openid.id-token|projects.oryapis.com/admin/keys/hydra.openid.id-token> -H 'Authorization: bearer ory_pat_redacted'

$ curl https://<project_slug>.<http://projects.oryapis.com/.well-known/jwks.json|projects.oryapis.com/.well-known/jwks.json>

🙌 1

able-glass-7253

09/26/2022, 11:47 AM

@jolly-tiger-57705 This will generate a new public key to sign tokens. I apologise for the inconvenience

✅ 1

jolly-tiger-57705

09/26/2022, 11:57 AM

It's ok, no worries

282 Views

Open in Slack

Previous Next