Unknown key used in Forge Invocation Token

One of my apps is impacted by the issue that an unknown key is used to sign the Forge Invocation Token, leading to the error: JWK is not valid Signed JWT rejected: Another algorithm expected, or no matching key(s) found
I found that, at least for a dev instance, the key {"kid":"forge/invocation-token/6c541a2b-2071-4702-adea-2344598fc66c","alg":"RS256"} is used, but this is not listed on https://forge.cdn.prod.atlassian-dev.net/.well-known/jwks.json

Simple redeploys and reinstalls of the Forge app and Remote don’t seem to do the trick in fixing it, leading me to believe this is Forge platform related.

1 Like

Hi @markrekveld, thanks for bringing this to our attention. I had a look and there was a pipeline which we use to deploy the JWKS file which got stuck in a bad state. I re-ran our pipeline manually and the JWKS file should be in sync now; the issue should no longer persist. Apologies for any inconvenience.

3 Likes

Thanks @BoZhang, I see it working again.

1 Like

Hi, I was just about to open a new question as well, but I’ll join yours.

I’m trying to validate queries executed through Forge to my back-end application, but I’m getting an error during validation.

Signature validation failed. The token's kid is: 'forge/invocation-token/6c541a2b-2071-4702-adea-2344598fc66c', but did not match any keys.

I tried to use the keys from the documentation: https://forge.cdn.prod.atlassian-dev.net/.well-known/jwks.json but that didn’t work. I also found other keys at https://forge.cdn.dev.atlassian-dev.net/.well-known/jwks.json, but they are not working either.

Hi @ukaszBoru, there was an issue yesterday where one of our deployment pipelines failed and caused us to be stuck in a bad state. We’ve been able to manually resolve the issue and have created some action items for ourselves to improve this pipeline. The particular key that you are referring to should now be in the JWKS. Apologies for the inconvenience.

2 Likes
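
Added example, not part of the thread and not Atlassian's code: a dependency-free Node.js diagnostic for the failure both posters report, which reads a token's unverified header and says whether its `kid` and `alg` select a key in a JWKS document. The JWKS contents, token payload and function names are constructed for illustration; only the `kid` and `alg` values come from the first post.

```javascript
// kid and alg as quoted in the first post of this thread.
const PAGE_KID = "forge/invocation-token/6c541a2b-2071-4702-adea-2344598fc66c";
// Constructed JWKS (not Atlassian's real key set). Key material is omitted
// because this diagnostic inspects metadata only and verifies no signature.
const STALE_JWKS = { keys: [
  { kty: "RSA", use: "sig", alg: "RS256", kid: "forge/invocation-token/constructed-old-key" },
] };
// Algorithms are pinned by the verifier, never taken from the token.
const ALLOWED_ALGS = new Set(["RS256"]);

// Decode the JOSE header WITHOUT verifying. Use it for key selection and
// diagnostics only; nothing in the token is trustworthy at this point.
function readHeader(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 segments)");
  const b64 = parts[0].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Classify why key lookup succeeds or fails. Every status other than
// "key-found" means the request must be rejected (fail closed).
function diagnoseKey(token, jwks) {
  let header;
  try { header = readHeader(token); }
  catch (e) { return { status: "malformed", detail: e.message }; }
  const { kid, alg } = header;
  if (!ALLOWED_ALGS.has(alg)) return { status: "alg-not-allowed", kid, alg };
  if (typeof kid !== "string" || kid === "") return { status: "no-kid", alg };
  const keys = Array.isArray(jwks.keys) ? jwks.keys : [];
  const sameKid = keys.filter((k) => k.kid === kid);
  // Publisher-side gap (as in this thread): refresh a cached JWKS once,
  // then reject and report if the kid is still missing.
  if (sameKid.length === 0) return { status: "kid-not-in-jwks", kid, alg, published: keys.map((k) => k.kid) };
  const usable = sameKid.find((k) => k.kty === "RSA" &&
    (k.alg === undefined || k.alg === alg) && (k.use === undefined || k.use === "sig"));
  return usable ? { status: "key-found", kid, alg } : { status: "key-metadata-mismatch", kid, alg };
}

// Build a constructed, unsigned token for offline testing of the lookup path.
function makeToken(header) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc(header)}.${enc({ sub: "constructed" })}.c2ln`;
}

console.log(diagnoseKey(makeToken({ kid: PAGE_KID, alg: "RS256" }), STALE_JWKS));
```
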