plugin-oauth2 icon indicating copy to clipboard operation
plugin-oauth2 copied to clipboard

Published 20 hours ago verified publisher icon halo-sigs

Failed to authentication with OAuth2 , missing_signature_verifier

Open changchichung opened this issue 6 months ago • 2 comments

我是用 docker-compose 啟動的, docker-compose.yml 內容如下

services:
  halo:
    #image: registry.fit2cloud.com/halo/halo:2.20
    image: registry.fit2cloud.com/halo/halo:2.20.18
    restart: on-failure:3
    depends_on:
      halodb:
        condition: service_healthy
    networks:
      halo_network:
    volumes:
      - ./halo2:/root/.halo2
    ports:
      - "8090:8090"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8090/actuator/health/readiness"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 30s
    environment:
      # JVM 参数,默认为 -Xmx256m -Xms256m,可以根据实际情况做调整,置空表示不添加 JVM 参数
      - JVM_OPTS=-Xmx256m -Xms256m
      - TZ=Asia/Taipei
        #- TZ=Asia/Taipei
    command:
      - --spring.r2dbc.url=r2dbc:pool:postgresql://halodb/halo
      - --spring.r2dbc.username=halo
      # PostgreSQL 的密码,请保证与下方 POSTGRES_PASSWORD 的变量值一致。
      - --spring.r2dbc.password=openpostgresql
      - --spring.sql.init.platform=postgresql
      # 外部访问地址,请根据实际需要修改
      - --halo.external-url=http://192.168.100.2:8090/
  halodb:
    image: postgres:15.4
    restart: on-failure:3
    networks:
      halo_network:
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ./db:/var/lib/postgresql/data
    healthcheck:
      test: [ "CMD", "pg_isready" ]
      interval: 10s
      timeout: 5s
      retries: 5
    environment:
      - POSTGRES_PASSWORD=openpostgresql
      - POSTGRES_USER=halo
      - POSTGRES_DB=halo
      - PGUSER=halo

networks:
  halo_network:

基本上就是照抄官網的教學 在配置 oauth2 的時候,點了 SSO 登入,會導向到 http://192.168.100.2:8090/login?oauth2_error

看了 docker log 發現以下錯誤

halo-1    | 2025-04-21T11:09:41.563+08:00 ERROR 7 --- [or-http-epoll-2] r.h.o.HaloOAuth2AuthenticationWebFilter  : Failed to authentication with OAuth2
halo-1    |
halo-1    | org.springframework.security.oauth2.core.OAuth2AuthenticationException: [missing_signature_verifier] Failed to find a Signature Verifier for Client Registration: 'sso'. Check to ensure you have configured the JwkSet URI.
halo-1    |     at org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory.buildDecoder(ReactiveOidcIdTokenDecoderFactory.java:165) ~[spring-security-oauth2-client-6.4.4.jar:6.4.4]
halo-1    |     at org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory.lambda$createDecoder$3(ReactiveOidcIdTokenDecoderFactory.java:130) ~[spring-security-oauth2-client-6.4.4.jar:6.4.4]
halo-1    |     at java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(Unknown Source) ~[na:na]

問題應該在第二行的 missing_signature_verifier

我的SSO Provider 是 Logto , 配置如下

Halo 的 oauth2 配置如下

看錯誤訊息是還要多設定 JWK URI ?? 在 logto 這邊倒是有提供 JWKS URI ,但是 Halo 這邊沒有位置可以輸入 JWKS URI 呀?

請問有沒有什麼建議的解決方法?

changchichung avatar Apr 21 '25 03:04 changchichung