I'm trying to set up a mocked OneLogin service locally using WireMock. So far so good: I was able to mock most of the OneLogin OAuth flow, but I can't manage to solve the last part in order to get it working properly...
Whenever I submit credentials on my mocked OneLogin page and it redirects me back to the application, I get the error: RPError: failed to validate JWT signature. From debugging I discovered that the problem is in the mocked OneLogin server, on the "jwks_uri": "http://localhost:27442/oidc/2/certs" endpoint. It seems the last part of the NextAuth verification, which uses jose.compactVerify(jwt, key instanceof Uint8Array ? key : key.keyObject), doesn't match what I've mocked, thus not allowing me to proceed with the mocked login.
Does anyone know what the /oidc/2/certs endpoint should return to match the generated mocked token?
What should the JWT and the return value of oidc/2/certs look like to be approved?
I generated a JWT on https://jwt.io/:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTY2NjAwMDgwMCwiZXhwIjoxNjY4Njc5MjAwLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjI3NDQyL29pZGMvMiIsImF1ZCI6InNvbWUtY2xpZW50LWlkIn0.QLqLlhoZi7JnqTAYibPkIFPvmC88t4Z7AbUspSX8ENbEnK0NXV_hTxAXLA3-V7TjuIWlrJOvOT7BrHP3N39XV0Vb5pw_X4OY48ce9JQR46x5v3YeU4wgm48sWCIkwRVNDGV0_oF1Pr2Qa4egAVDzLDxtoqrgV4W_wjOI-jxv2r0NWeNvgsSH68PC0qTcgfuLG_k1Sf61CBS-_DKHGznD9gdHc3xJM2Rh3FLQQ5-JHVlE0nB0If8Gx-Q5_cI2VQaDwj-x4VO9qzE2o1zes41NgyP1D85TODegPN6lNvpLMyexIBwl5LYP0WnpW9ZDKziUqVLkuJ4LTnl5jg9ZsbXQ2Q
and looking at the OneLogin docs I found this: https://acme.onelogin.com/oidc/2/certs
How can I match the above to be verified successfully? I basically want an infinite JWT (RS256 alg) token that will be verified, mitigating the OneLogin flow in the development environment.
After fighting with this for several days I found a solution.
I had to generate a JWT token with appropriate header and payload values on https://jwt.io/#debugger-io, then copy the public key and generate a JWK with it on https://russelldavies.github.io/jwk-creator/
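The same steps done locally, as an added example that is not part of the original post: one RSA key pair signs the mock ID token and its public half becomes the JWKS body for the /oidc/2/certs stub. It uses Node's built-in crypto in place of jwt.io and the JWK creator site; the `kid` value `mock-key-1` and the helper names are assumptions made for the example.

```javascript
// Added example for a local mock only. Node built-in crypto, no external packages.
const crypto = require('node:crypto');

const ISSUER = 'http://localhost:27442/oidc/2'; // issuer from the question
const CLIENT_ID = 'some-client-id';              // audience from the question
const KID = 'mock-key-1';                        // constructed key id (assumption)

const b64url = (v) => Buffer.from(v).toString('base64url');

// One RSA key pair: the private half signs, the public half is published.
function createMockIdp() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  // JWKS entry: public parameters only (kty, n, e) plus key metadata.
  const jwk = { ...publicKey.export({ format: 'jwk' }), kid: KID, use: 'sig', alg: 'RS256' };
  return { privateKey, jwks: { keys: [jwk] } };
}

function signIdToken(privateKey, claims) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: KID }));
  const payload = b64url(JSON.stringify(claims));
  const signingInput = `${header}.${payload}`;
  // RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "header.payload".
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// What the relying party does: select the JWK by kid, then check the signature.
function verifyWithJwks(token, jwks) {
  const [header, payload, sig] = token.split('.');
  const { kid, alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
  if (alg !== 'RS256') return false;
  const jwk = jwks.keys.find((k) => k.kid === kid);
  if (!jwk) return false;
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const data = Buffer.from(`${header}.${payload}`);
  return crypto.verify('sha256', data, key, Buffer.from(sig, 'base64url'));
}

const idp = createMockIdp();
const now = Math.floor(Date.now() / 1000);
const token = signIdToken(idp.privateKey,
  { iss: ISSUER, aud: CLIENT_ID, sub: '1234567890', iat: now, exp: now + 3600 });
console.log(JSON.stringify(idp.jwks, null, 2)); // body for the WireMock certs stub
console.log(token, verifyWithJwks(token, idp.jwks));
```

A token checked against a JWKS built from any other key pair fails the signature check, so the stub body and the token must be regenerated together.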