Bot authentication fails due to "Signing Key could not be retrieved at JwtTokenExtractor" error
Does anyone have any suggestions on how to resolve the below issue?
TLDR
It seems like Microsoft Teams is sending my bot a key ID (ZyGh1GbBL8xd1kOxRYchc1VPSQQ) that is missing from Microsoft's list of well-known OpenID keys (https://login.botframework.com/v1/.well-known/keys). This means my bot is unable to authenticate messages that Microsoft Teams sends it.
Details
Today a couple of our development and staging apps started getting this error:
JwtTokenExtractor.getIdentity:err! AuthenticationError: Signing Key could not be retrieved
    at JwtTokenExtractor.<anonymous> (/home/gabrielx/projects/oss/oss_ms_teams/node_modules/botframework-connector/lib/auth/jwtTokenExtractor.js:174:15)
    at Generator.next (<anonymous>)
    at fulfilled (/home/gabrielx/projects/oss/oss_ms_teams/node_modules/botframework-connector/src/auth/jwtTokenExtractor.ts:11:1)
    at processTicksAndRejections (internal/process/task_queues.js:97:5) {
  statusCode: 401
}
This is an expired, decoded JWT from the authorization header from a bot message that Teams sent to my development environment:
{
  header: {
    alg: 'RS256',
    kid: 'ZyGh1GbBL8xd1kOxRYchc1VPSQQ',
    typ: 'JWT',
    x5t: 'ZyGh1GbBL8xd1kOxRYchc1VPSQQ'
  },
  payload: {
    serviceurl: 'https://smba.trafficmanager.net/amer/',
    nbf: 1628117449,
    exp: 1628121049,
    iss: 'https://api.botframework.com',
    aud: '43f91f57-0c80-40a1-bdbb-79c2f2100ef3'
  },
  signature: 'yEg_trg3mNyA2noHZd20BAjjonR_YxU9hpTodceVQU1yYJmQR89mhJFNiA0QUZJXE95rsw-mGBVHkCQ5A6NUUgxYOs1Dr-9liSox8lm3xSykOIwnU6xLhoF54U6usRjq82es3hEvZbBZ160HVr3LAMagtBcfdS-SSY2SWDWL_FUpAGq835r-IIrSDzV8T5GVIWDFzNSPdqYGT_7iA2QOQDBnouh53V57TGPIBzvylmRyquLe3f_b4MBi4TdpLPXvmlQQejaW10WY2BolHewYVltrIw8q62av997wb4KOa7yh_ZgdaL-CfZAh3DSblzALwR6njPAIJhBttMqMOuBmSg'
}
When I check https://login.botframework.com/v1/.well-known/keys, I do not find the key ID ZyGh1GbBL8xd1kOxRYchc1VPSQQ that was in the above authorization header.
This happens whenever I send my bot a message via Teams. For example, if I type "help" when I am in a personal chat with the bot in https://teams.microsoft.com/
I have restarted my server many times to reset the in-process cache that Microsoft's openIdMetadata.js class maintains.
Versions
botbuilder 4.14.1
Node.js 12
- gabrield (Copper Contributor)
When I came into work this morning, the problem had disappeared from all the apps that were experiencing it yesterday. I checked Microsoft's well-known keys endpoint, and the key ID that was missing yesterday is present today. So this problem is resolved.
But I would still like to know where to submit a support contact if I find myself in a similar situation in the future. I am also interested to know if there was anything that I could have done myself to fix the situation that we were in for hours yesterday.
- Meghana-MSFT (Microsoft)
This seems like an issue with the cache. You can reopen this question if you face the same issue in future.
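The check the original poster did by hand (comparing the token's kid with the published key list), as an added example that is not part of any post in this thread and is not Bot Framework SDK code. The function names `decodeJwtHeader` and `diagnoseKid` are hypothetical, and the sample token and key sets are constructed; only the kid value and issuer are taken from the post.

```javascript
// Added diagnostic, not Bot Framework SDK code. It only reads the token header;
// it does not verify the signature and is not a substitute for the SDK's check.

// Decode the protected header of a compact JWS (base64url, no padding).
function decodeJwtHeader(token) {
  const parts = String(token).replace(/^Bearer\s+/i, '').split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const b64 = parts[0].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compare the token's kid with the kids in a JWKS document ({ keys: [...] }).
function diagnoseKid(token, jwks) {
  const { kid, alg } = decodeJwtHeader(token);
  const published = ((jwks && jwks.keys) || []).map((k) => k.kid);
  let status;
  if (!kid) status = 'token-has-no-kid';
  // Key is published: if the bot still fails, a stale local key cache is the suspect.
  else if (published.includes(kid)) status = 'kid-published';
  // Key is absent: re-reading this same document (e.g. after a restart) cannot supply it.
  else status = 'kid-not-published';
  return { status, kid, alg, published };
}

// Constructed sample data: payload and signature are placeholders.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_TOKEN = [
  b64url({ alg: 'RS256', kid: 'ZyGh1GbBL8xd1kOxRYchc1VPSQQ', typ: 'JWT' }), // kid from the post
  b64url({ iss: 'https://api.botframework.com' }),
  'constructed-signature',
].join('.');
const JWKS_WITHOUT_KEY = { keys: [{ kty: 'RSA', kid: 'constructed-kid-A' }] };
const JWKS_WITH_KEY = {
  keys: [...JWKS_WITHOUT_KEY.keys, { kty: 'RSA', kid: 'ZyGh1GbBL8xd1kOxRYchc1VPSQQ' }],
};

console.log(diagnoseKid(SAMPLE_TOKEN, JWKS_WITHOUT_KEY).status);
console.log(diagnoseKid(SAMPLE_TOKEN, JWKS_WITH_KEY).status);
```

In a real check, `jwks` would be the JSON body returned by the keys URL quoted in the post, and `token` the value of the incoming Authorization header.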