"Could not fetch signing key for OpenID Connect" #439
You either forgot to set SYSTEM_SECRET or used a wrong SYSTEM_SECRET. This is the error you get when that's wrong. Could use a better one of course... |
Ah, great. That was it! I had thought that leaving SYSTEM_SECRET empty and allowing the system to generate a system secret was good enough, but yeah of course it's going to try to generate a new system secret on pod recreation. So, yeah, totally my fault; setting SYSTEM_SECRET fixed this. Thanks for the quick response. |
I will add a note to the error message to make this more obvious :)
I am experiencing this same issue when attempting to start up hydra in a local docker-compose cluster running against a stock postgres image in the same cluster. This behaviour should be impossible in that case since the postgres container does not save state between runs, yeah? How might this be happening? |
did you forget to run hydra migrate before?
@arekkas, I did not but had a misunderstanding about how docker-compose was handling container state which you actually helped me address in the Gitter. Appreciated! |
@dkushner could you share your findings re. docker-compose + postgres + Hydra's migrations? |
I opened #816 since it seems I can't reopen this issue. I'm having the same problem. I shut down the container and trying to rerun fails. The problem does indeed appear to be the SYSTEM_SECRET but it's because it's not being respected from the command-line.
Notice that the logs show
If I delete the tables and run migrate again, it works again though the secret is still randomly generated. |
See #816
Please avoid dupes in the future, thank you.
… On 19.03.2018 at 05:40, nicerobot ***@***.***> wrote:
I'm having the same problem. I shut down the container and trying to rerun fails. The problem does indeed appear to be the SYSTEM_SECRET but it's because it's not being respected from the command-line.
$ echo $SYSTEM_SECRET
27277
$ docker run -d \
--name ory-hydra-example--hydra \
--network hydraguide \
-p 9000:4444 \
-e SYSTEM_SECRET=${SYSTEM_SECRET} \
-e DATABASE_URL=${DATABASE_URL} \
-e ISSUER=https://localhost:9000/ \
-e CONSENT_URL=http://localhost:9020/consent \
-e FORCE_ROOT_CLIENT_CREDENTIALS=admin:demo-password \
oryd/hydra:v0.11.6
Notice that the logs show "Generating a random system secret..." and this happened during the first run so it's actually impossible to restart the server.
$ docker logs ory-hydra-example--hydra
time="2018-03-19T04:25:55Z" level=info msg="Connecting with ***@***.***:5432/hydra?sslmode=disable"
time="2018-03-19T04:25:55Z" level=info msg="Connected to SQL!"
time="2018-03-19T04:25:55Z" level=warning msg="Expected system secret to be at least 32 characters long, got 4 characters."
time="2018-03-19T04:25:55Z" level=info msg="Generating a random system secret..."
time="2018-03-19T04:25:55Z" level=info msg="Generated system secret: 5CedSNF4Rdh9pUs6ZeI1kzJAZcug-mYj"
time="2018-03-19T04:25:55Z" level=warning msg="WARNING: DO NOT generate system secrets in production. The secret will be leaked to the logs."
Could not fetch signing key for OpenID Connect - did you forget to run "hydra migrate sql" or forget to set the SYSTEM_SECRET? Got error: unexpected end of JSON input
If I delete the tables and run migrate again, it works again though the secret is still randomly generated.
Don't worry, just want to avoid people searching for similar issues that are unanswered because of duplication. |
I brought up a Kubernetes pod with Hydra and a fresh mysql database and it spins up fine the first time. If I kill the pod and try to bring it back up I get the following error:
It only seems to happen when Hydra is connecting to an existing mysql db, i.e. on a db where the migrations have already run.
I do nothing, run no hydra commands, or do anything with the database between starting up the pod for the first time, killing it, and bringing it back up again, which leads me to believe this is a bug and not something I messed up on my end (still very possible it's me; I'm rather new to OAuth2 and OpenID Connect).
I'm using oryd/hydra:0.7.10 and mysql:5.7 images. My startup command in hydra is /go/bin/hydra host --dangerous-auto-logon --dangerous-force-http
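The failures in this thread come from a SYSTEM_SECRET that is unset or too short, so Hydra generates a new random one on each start and can no longer read what it stored in the database. The following is an added example, not code from the issue or from the Hydra project: a shell helper that creates the secret once, reuses it on every restart, and rejects values below the 32-character minimum shown in the log. The file-based storage and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the Hydra project).
# Assumption: the secret lives in a local file; in Kubernetes the same value
# would come from a Secret injected as the SYSTEM_SECRET environment variable.

MIN_SECRET_LEN=32   # minimum length, taken from the warning in the log above

# Return 0 only if the value is long enough for Hydra to use it as given
# instead of replacing it with a randomly generated secret.
secret_is_usable() {
    [ "${#1}" -ge "$MIN_SECRET_LEN" ]
}

# Print the secret stored in file $1, creating it once if the file is absent.
# Repeated calls return the same value, so data encrypted in the database on
# the first start stays readable after the container is recreated.
load_or_create_secret() {
    secret_file=$1
    if [ ! -s "$secret_file" ]; then
        old_umask=$(umask)
        umask 077   # new file is readable by the owner only
        # 32 random bytes written as 64 hex characters
        od -An -tx1 -N32 /dev/urandom | tr -d ' \n' > "$secret_file"
        umask "$old_umask"
    fi
    cat "$secret_file"
}

# Export SYSTEM_SECRET from file $1, or fail before any container starts.
prepare_system_secret() {
    SYSTEM_SECRET=$(load_or_create_secret "$1") || return 1
    if ! secret_is_usable "$SYSTEM_SECRET"; then
        echo "SYSTEM_SECRET in $1 is shorter than $MIN_SECRET_LEN characters" >&2
        return 1
    fi
    export SYSTEM_SECRET
}

# Usage (container flags as in the thread):
#   prepare_system_secret "$HOME/.hydra-system-secret" &&
#   docker run -d -e SYSTEM_SECRET="$SYSTEM_SECRET" ... oryd/hydra:v0.11.6
```

Failing in the wrapper keeps the container from starting with a generated secret, which the log above warns is written to the logs.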