Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jwk: Delete a JWK endpoint deletes a JWK set when dsn is memory #1473

Closed
sawadashota opened this issue Jun 17, 2019 · 0 comments · Fixed by #1474
Closed

jwk: Delete a JWK endpoint deletes a JWK set when dsn is memory #1473

sawadashota opened this issue Jun 17, 2019 · 0 comments · Fixed by #1474

Comments

@sawadashota
Copy link
Contributor

sawadashota commented Jun 17, 2019
edited
Loading

Describe the bug

DELETE /keys/{set}/{kid} endpoint deletes JWK set.
https://www.ory.sh/docs/hydra/sdk/api#delete-a-json-web-key

Reproducing the bug

Steps to reproduce the behavior:

  1. Serve all
$ DSN=memory go run main.go serve all
  1. Create a JWK set
$ go run main.go keys create hydra.openid.id-token --skip-tls-verify --endpoint https://127.0.0.1:4445`

Then, hydra.openid.id-token has 4 keys.

$ go run main.go keys get hydra.openid.id-token --skip-tls-verify --endpoint https://127.0.0.1:4445

{
        "Payload": {
                "keys": [
                        {
                                "alg": "RS256",
                                "e": "AQAB",
                                "kid": "public:a2593c37-ec15-4655-beb9-17b35067b058",
                                "kty": "RSA",
                                "n": "q-3OexL0YgqnhX1IdHhEUdwyx534tVbzGJfOv6nS5ZBWr7JIXyK4vnFEwCcc0Bw40bQkN5WaPAvY0T08fPipsTkFCLDw4-6Hr_TsKMmYPBg83WeW3uHQ8IZ-eD2pZq_Nu382tvQ7NLDSVjGFpRcRMDba817whXypIjVrwjy3yGQxenj61CXdU5BHJ3cahW5TP-maVWTgpbjfvQnjUtJtUEKvsHIk3_M8nJwQHfGBu9iweIb_tgKzoIHE5I-0j7Xbwx5lmwULtfcFqWgvdtuJJf8QAq44300Pb1TpMdaV-m0Lsgm4vlZLB2GF2mo-9zVBm-yIdfAi6YvkrfCUNGQ2IRMJtQQq4ZxXirKqwpkfWsj3vBPhrhPetkVC-flBAGNSTuuiczxigWKI6UwPJFzuoX_sAOoWTPBu9Tg2nsr2iLtfJeJW-DNGN2ijLsFqtV6ccSJUkqqP32K6T5KdQcJyXDxwrgJgnwD_f_5hvNUYn5IwlSjv6PW6oKBucZ_c3bFUb-tSp1uzKctErKBORZRGDLghQnJSQxBKwpwldTS_kfxQ8-4djg-w9gUQqzgMgTwdD_ZrmiIyBeKTtART8NXf4Viwi0StF7Odlf8cWcBZ16W4SIkZtiPQDe-UHdvv_o4y1kLai12-_A7DBxU8Vpv7khbcVYjjT2Ft1DdY6olBdSs",
                                "use": "sig",
                                "x5c": null
                        },
                        {
                                "alg": "RS256",
                                "d": "XU-u3gs2ibOAoimR1myjn84j3UU2g60SOQnDUzCnXqKM-cSIFOIyZGHzT1qq_6Qhjmb3tRdD400GuuFCYA1Rg_cPbV0jEIIYMH58YdKwBgWdmwiq0IK8tJ46K6ZDt5C41wc_OeKp83n4XoF4KFaxpHpRMP8ZCUnUPdXCi2QK1v7R_8eDUvrN-Zl3lMrGoR50nl55vdkHN8pz3BRuxTehzoqy8c-xhb5s6g6ljKrTn5EGjhOu2yjyNq3Xn7kC5XBtOqPXv1_osDTGZOA_yoFyGSYqmVnXUhJvyxvJiJwPQCBI1bMDCoKpK_NZA2bgj6je1_JzSZcwS5L6ZREKTrkIytyAtWrTEhzwN_lqPy6Yxj2DxmEYLxd9Uk856cJS-7bEkVSfo5gesbd0tUlG2Mga51bz3EfFdBTd-a9-ZZuAaqqa5SNewdeqy9Q2AYFK47hcXGtFHRYDVDiDNgl4pVqtYZ9KxOzVTvz5haGPIhSSJyn-01uxSDcIKcD2lMd8iwxKSZRc5XBM50cM5rIdvTqJpq4qj1oET-eH3WFH7ZJLrerY4DOmNq6HEOWhp367XH_S8vJ1JYBxHVpR6hav_oEpxjXAWPdhfpxBkUsaaohd4S_UpPtkW_QUeg3yuHsXWD1qHuWPbYdlkqa049fziYUsOcoekjPSRGVUm7A9Izvc0yE",
                                "e": "AQAB",
                                "kid": "private:a2593c37-ec15-4655-beb9-17b35067b058",
                                "kty": "RSA",
                                "n": "q-3OexL0YgqnhX1IdHhEUdwyx534tVbzGJfOv6nS5ZBWr7JIXyK4vnFEwCcc0Bw40bQkN5WaPAvY0T08fPipsTkFCLDw4-6Hr_TsKMmYPBg83WeW3uHQ8IZ-eD2pZq_Nu382tvQ7NLDSVjGFpRcRMDba817whXypIjVrwjy3yGQxenj61CXdU5BHJ3cahW5TP-maVWTgpbjfvQnjUtJtUEKvsHIk3_M8nJwQHfGBu9iweIb_tgKzoIHE5I-0j7Xbwx5lmwULtfcFqWgvdtuJJf8QAq44300Pb1TpMdaV-m0Lsgm4vlZLB2GF2mo-9zVBm-yIdfAi6YvkrfCUNGQ2IRMJtQQq4ZxXirKqwpkfWsj3vBPhrhPetkVC-flBAGNSTuuiczxigWKI6UwPJFzuoX_sAOoWTPBu9Tg2nsr2iLtfJeJW-DNGN2ijLsFqtV6ccSJUkqqP32K6T5KdQcJyXDxwrgJgnwD_f_5hvNUYn5IwlSjv6PW6oKBucZ_c3bFUb-tSp1uzKctErKBORZRGDLghQnJSQxBKwpwldTS_kfxQ8-4djg-w9gUQqzgMgTwdD_ZrmiIyBeKTtART8NXf4Viwi0StF7Odlf8cWcBZ16W4SIkZtiPQDe-UHdvv_o4y1kLai12-_A7DBxU8Vpv7khbcVYjjT2Ft1DdY6olBdSs",
                                "p": "3jOReSGFBcCtcL7QoFJIOtiLYfBuKU8bkZbOYdvPkRvcTKnhus6OQT8IgbNDTsdcvv6muShmfIdjnbv5VzoNo4GLVS-EPNjQgu4LZXhGVsiKrTfVyse1CYMg8_eMZ_4Vy0C8PqEmcD3MH1gnst5GChQEQPzjPFdtkSx8MJSbg8gTtypYi5_j1YSgzAL2ERlRzroxS_FqAYuOTqgPkMfUu41tg6y8A-39dr0D7lk2znIkuGpJwrQeWGnBbzQNFdRl6sNvlaOuHB543R6D_XNh332BqIH18gWm64R2P3b1vHJhRQavDJZRWT8oL3K8vuN7L2aRJTMyuNZRM1ns6tjH0Q",
                                "q": "xhSl1OQ7OpHZMZUOLARoBVDcAXJYjg0l23b1_dYD1S7h9_y0i1QCocOfNX8jXxFFPnt0Jay3K-jnSnWK7kxs2YL2ibM-gzdGW7yndLPrBgNwmPVD7h-CibNUygcPX-PaOBEd7Dz2yDcX05LowtGyLfOL1Aei0viaI1t0DlF1wTvo8RyDUMZJetHCspYQ9XfndP35zhPLXMCuLiwY_rztxBu_uytqLTsTeAEI9ZnnfkaXKvmQEmeO8f1oa1J6WiL21IT3LlxKCJQyp67efGoQxRJx1YGqwgGw4OPBZKqV2DSEoFUlCiKoIWJQIi8v7dKJBY5zlS4kVXEQU_zklFboOw",
                                "use": "sig",
                                "x5c": null
                        },
                        {
                                "alg": "RS256",
                                "e": "AQAB",
                                "kid": "public:8390de30-b4cd-4f91-8c3a-7c22712b8bf1",
                                "kty": "RSA",
                                "n": "utpjDJxxTN11gblCaT15sdKmZ3169lK64fDDJLQgzgZFTxOqi3-KPoyMHuLIJcK1chf_NyNX8nvCOHqAlckkiQmUWWK_QHSZHdvOJCsBCoEafKtUH29tfBwaZ2JT6Rz8Yc-7DcQq1luOvnp3nDpH94vWRavLZ2NPiRgPeF3TK9RSWCi2dMzahCDAGVGxp1vMtClU1OHxiiusmogddHqCHX3rCfJ2GzuK5BHbjKu08kUjVfsIA-dSeAhygNEVF-SbCwKeEkY1mkM1uqDI7SLf7uBQO3mpS3Xbq4VycCGjJK2iqrOQ3GyRaCqhvTtI8DAwgfLHaxwrisuhSF0ZfzPF3IP65h7f5ScR9ONrk5sTf75JqI0IkgCgWSIKeLsAHQamxGsBx0qHzcn2GhinIY8Z4SNj53FySUwt3glZ6NXDqdSkCT3yQxzgL3ooFmJvVvG5t07fL8X26oHLFoDvSu4E_jz-CxzujAgA7ltZo3qpy9KDIgJEEI3eCagq9GVqLRa1hZThznKKhxhpawdjllhe0x2FdGUiqiO8LNa1TCSYiDSqt6tE5osLErXj2CZx6cpem6zNI8_d8_ui-l8eCpOFYnjrFM0pa9q6BqFi0docqnhtkECUaQtwTnRQwWTJiBKbjhO3tNvJFTzEPc5WfGM4kuI1zv9S0I7YhceoOC_KQgs",
                                "use": "sig",
                                "x5c": null
                        },
                        {
                                "alg": "RS256",
                                "d": "XunT6nIFM3BC4jRCwcaSbHt-P4-DyF_Zwi9UUO6Ww1B4IGTy-o08oe0ut_mmhVfUZzI9V7rCT9ABpkLD0lIsFtgg3Q7F623O4VXn7oNRsg5GcBFvV9B4ItT7rIxL51vr75tffuyofd5gMe1vmJIaQGpt21IarlfJ7O-l3BR80gS2F0YG-GmejgM80R-oSETfRJzCFKj40qDAunZtz97y_RwbKiBZUhf6w0M27MvDzFTGUESFm8YDJCnWUAzk1BAxmXQo60tyqvt87WIC7kIK0gJrfuqbzlL91LCiosbTYiw5NtCjwvP7IJiXM9JLiIZR_ZBfL89NZuFs-Z8g9nZMCIri2J6ETkkv2VCt4mnH4X6QBusNZibzV4u7B7eqo-2RZxS_B90iPZZcNj24yx9dMC8iuboOkTFMcJ2XzsqLDPvswJ-4BD7SRpwwII8SKb-zbHvN718INAUyS90ueHbfjkWBhCOQNF0CHKFQqqNuIBI82qzU3KkGj2V1UO2bgg_PW7cvGJ8IeXEqOYsON5TCZ4BE-vh-9dNdXwsmy5Rd04S5D2zcKA4Yg9-WJxPazMWqfDMWV1AxsvpkWxmQ9hDzWBNc43hbYeNiVlZPJclQEi3zm0lDEXCYYIGE4-qJQ_SJ0YMARZzt0HJWee2DjAEumQsTfiYD_OSVKnp6qAz6pPE",
                                "e": "AQAB",
                                "kid": "private:8390de30-b4cd-4f91-8c3a-7c22712b8bf1",
                                "kty": "RSA",
                                "n": "utpjDJxxTN11gblCaT15sdKmZ3169lK64fDDJLQgzgZFTxOqi3-KPoyMHuLIJcK1chf_NyNX8nvCOHqAlckkiQmUWWK_QHSZHdvOJCsBCoEafKtUH29tfBwaZ2JT6Rz8Yc-7DcQq1luOvnp3nDpH94vWRavLZ2NPiRgPeF3TK9RSWCi2dMzahCDAGVGxp1vMtClU1OHxiiusmogddHqCHX3rCfJ2GzuK5BHbjKu08kUjVfsIA-dSeAhygNEVF-SbCwKeEkY1mkM1uqDI7SLf7uBQO3mpS3Xbq4VycCGjJK2iqrOQ3GyRaCqhvTtI8DAwgfLHaxwrisuhSF0ZfzPF3IP65h7f5ScR9ONrk5sTf75JqI0IkgCgWSIKeLsAHQamxGsBx0qHzcn2GhinIY8Z4SNj53FySUwt3glZ6NXDqdSkCT3yQxzgL3ooFmJvVvG5t07fL8X26oHLFoDvSu4E_jz-CxzujAgA7ltZo3qpy9KDIgJEEI3eCagq9GVqLRa1hZThznKKhxhpawdjllhe0x2FdGUiqiO8LNa1TCSYiDSqt6tE5osLErXj2CZx6cpem6zNI8_d8_ui-l8eCpOFYnjrFM0pa9q6BqFi0docqnhtkECUaQtwTnRQwWTJiBKbjhO3tNvJFTzEPc5WfGM4kuI1zv9S0I7YhceoOC_KQgs",
                                "p": "6jR-2tMcHaZpIL3yvJ5hoXxsTnWxBj8lgTiutHVbF-T3jp2sn3SHyK6SMe5d6o9YkQJDMcoC04Fh4IK3SfRyUiSWiv9TbiIOmqK3kqdEkjtPHRXdqdirCt0ir81EJGxZc7SOmORn4O-F_Mmq4qDUaS3ILMZRxJMEvaOy9mbu4L66RmkPtd4iSD_klAcM6rkPlcnNRiWo1fV9EBdFBcc3aHEwkaaxGkt4vq5SZHGzuTkysOQLZez2jjzB18lMTBOn3Z0BGxEbT8VGZTb035fvU2zrGUIPHQdBHkw3XAjgJVTNnld6GrvjeN7qnUdu1Dkct1OOVQPDzwVGOvGrudQK_w",
                                "q": "zD3RRQbzOl-jUYyVcbf644-gh3EUZ_Nei6b1yqo6ZwySoY_LRoUkMfVplnnyIp-7B_RYQAYw-J9tlDxgJRKCCKD44sachDp2844xVtPkhrwIgY8o8g6hDiSmoPXPzx4WTD_UmqVDsAnf0JhWkJ2x4C7RJ4Qpocmvgsjo6igsRICqATJCksUXJZ2zQhIH_4bg9luMkFbiIEXcU-I_csgWqDsoKPR_tV6djGUSg_V4nNU8N1Wsz7AH_iFShXwmT16WnK6IqpU-krSyBNp8pm_pEavoP_UshEow_NVzMwXohjtuheFa72lHewieuQ2A12b7i5q92Mk8o2Maw3EWqxBE9Q",
                                "use": "sig",
                                "x5c": null
                        }
                ]
        }
}
  1. Delete a JWK

Call delete a JWK API
https://www.ory.sh/docs/hydra/sdk/api#delete-a-json-web-key

$ curl -k -X DELETE -H 'Content-Type:application/json' https://127.0.0.1:4445/keys/hydra.openid.id-token/public:8390de30-b4cd-4f91-8c3a-7c22712b8bf1

Log is as expected.

INFO[1616] completed handling request                    measure#hydra/admin: https://localhost:4444/.latency=66798 method=DELETE remote="127.0.0.1:53138" request="/keys/hydra.openid.id-token/public:8390de30-b4cd-4f91-8c3a-7c22712b8bf1" status=204 text_status="No Content" took="66.798µs"

Then, all hydra.openid.id-token keys are deleted.

$ go run main.go keys get hydra.openid.id-token --skip-tls-verify --endpoint https://127.0.0.1:4445
Unable to execute request: unknown error (status 404): {resp:0xc000438090}
exit status 1

.well-known/jwks.json also returns no keys

$ curl -k https://localhost:4444/.well-known/jwks.json{"error":"Not Found","error_description":"Unable to located the requested resource","status_code":404,"request_id":""}

Expected behavior

Only deleted public:8390de30-b4cd-4f91-8c3a-7c22712b8bf1 key.

Environment

  • Version: v1.0.0-rc.16+oryOS.12
  • Environment: macOS Mojave 10.14.5
  • DSN=memory

Additional context

When running MySQL and following commit hash, it works for me
51c071f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

jwk: Fix memory mamager of JWK deletion sawadashota/hydra
1 participant
@sawadashota