JSON Web Key Store default keys broken after upgrading to beta.6

[Entrio]

Do you want to request a feature or report a bug?
Report a bug

What is the current behavior?
Hydra does not startup

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.
Perform a migration from b4->b6

What is the expected behavior?
Hydra should startup )

Which version of the software is affected?
hydra b6

In the error log I get the following error:

time="2018-07-12T09:04:49+06:00" level=fatal msg="Unable to refresh OpenID Connect signing keys." error="public and private key pair kids do not match"

[aeneasr]

I think the issue is that the new generator expects the keys from the JSON Web Key storage to have matching public/private kids. This wasn't the case before and the strategy had a bug which caused the keys to mismatch. Can you sign into the db and run:

DELETE FROM hydra_jwk WHERE sid='hydra.https-tls' OR sid='hydra.openid.id-token'

[Entrio]

After performing those queries, hydra generated new keys but my client now fails to authenticate with the following error:
Client supports client authentication method "client_secret_basic", but method "client_secret_post" was requested.

[aeneasr]

See: https://github.com/ory/hydra/blob/master/UPGRADE.md#oauth-20-clients-must-specify-correct-token_endpoint_auth_method

If you're sending the client credentials in the POST body, this mus be set to client_secret_post. This is part of the OpenID Connect Dynamic Client Registration spec which was implemented with beta.5

[Entrio]

For those like me, the issue was that I needed to update the property of the client in hydra.
Using standard PUT method, change "token_endpoint_auth_method": "client_secret_post"

I think this issue can now be considered closed

[aeneasr]

The original issue will be fixed by hydra re-generating the keys if the format is broken