This repository has been archived by the owner on Feb 6, 2023. It is now read-only.

Undefined property: stdClass::$jwks_uri #19

Closed
laharshah opened this issue Aug 29, 2018 · 4 comments

Comments

@laharshah

laharshah commented Aug 29, 2018

Everything was working fine with the developer console. Getting an error when switching it to the production org account.

Started getting the error after switching to xxx.okta.com from xxx.oktapreview.com

I tried to change issuer from 'https://xxx.oktapreview.com/oauth2/default' to 'https://xxx.okta.com'

Exception trace:

File: /vendor/okta/jwt-verifier/src/JwtVerifier.php
Line: 90
Error: Undefined property: stdClass::$jwks_uri
@bretterer
Collaborator

Does the issuer you changed to still include the oauth2/default?

Also, on the okta.com domain, you do need to make sure default is the actual id of the authorization server that you have set up.

@laharshah
Author

@bretterer,
Thank you for your response.
No, I changed the issuer to xxx.okta.com as xxx.okta.com/oauth2/default wasn't working.

There is a page called authorization server in the developer console. But it is not there on the production admin account.
Do I need to manually add/create the Authorization server to make this work on production?

Here are some more details on different errors:

Here is the PHP code I used:

    $jwtVerifier = (new \Okta\JwtVerifier\JwtVerifierBuilder())
        ->setDiscovery(new \Okta\JwtVerifier\Discovery\Oauth)
        ->setAdaptor(new \Okta\JwtVerifier\Adaptors\FirebasePhpJwt)
        ->setAudience('api://default')
        ->setClientId($clientId)
        ->setIssuer($issuer)
        ->build();
    $oktaJwt = $jwtVerifier->verify($token);

  • Error when $issuer = 'https://xxx.okta.com/oauth2/default';

Error: "kid" invalid, unable to lookup correct key

  • Error when $issuer = 'https://xxx.okta.com';

Error: Undefined property: stdClass::$jwks_uri

Some information on the frontend which sends the JWT token to be verified:
At the frontend (Angular 6) I am using Okta hosted login.
At the frontend I am using xxx.okta.com only as the issuer. ('/oauth2/default' only worked with the oktapreview.com)

Frontend is working fine and generating JWT token correctly. I use the PHP library to validate the JWT token generated at frontend.

@bretterer
Collaborator

In your authorization server list (i.e. https://php.okta.com/admin/oauth2/as), you should see something like this.

[Image: screen shot 2018-09-04 at 1 21 09 pm]

There you will see the list of authorization servers that are available for your domain. If I wanted to use the Test authorization server, which is one I had to set up, you would use the issuer https://php.oktapreview.com/oauth2/auscnzxwvg4guFNN70h7

Of course, yours would be listed at xxx.okta.com/admin/oauth2/as, since you are using the okta.com domain now.

@laharshah
Author

@bretterer

When I tried to access xxx.okta.com/admin/oath2/as page I got 403 - Access Forbidden.

I learned,
This library works fine on oktapreview as the feature is available in the developer console. But on production we need to purchase the API Access Management.

I did not know that the library requires API Access Management on production. Thank you for the help. I am closing the issue.
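
Added example, not part of the original thread or of okta/jwt-verifier: one way to check a discovery document and a token's `kid` up front, so the two failures reported above surface as clear configuration errors instead of an undefined-property notice. The helper names `checkMetadata` and `findKey` are hypothetical, and the metadata, JWKS and token are constructed inline.

```php
<?php
// Added example: hypothetical helpers, not part of okta/jwt-verifier.
/** Validate decoded authorization-server metadata before using its jwks_uri. */
function checkMetadata(string $configuredIssuer, string $metadataJson): string
{
    $meta = json_decode($metadataJson);
    if (!is_object($meta)) {
        throw new RuntimeException('Discovery response is not a JSON object');
    }
    if (!isset($meta->jwks_uri) || !is_string($meta->jwks_uri)) {
        // The condition behind "Undefined property: stdClass::$jwks_uri".
        throw new RuntimeException("No jwks_uri in metadata for $configuredIssuer");
    }
    if (($meta->issuer ?? null) !== $configuredIssuer) {
        throw new RuntimeException('Metadata issuer differs from configured issuer');
    }
    if (parse_url($meta->jwks_uri, PHP_URL_SCHEME) !== 'https') {
        throw new RuntimeException('jwks_uri must use https');
    }
    return $meta->jwks_uri;
}

/** Find the JWK matching the token header's kid, or fail with a clear reason. */
function findKey(string $jwt, string $jwksJson): object
{
    $header = json_decode(base64_decode(strtr(explode('.', $jwt)[0], '-_', '+/')));
    $kid = $header->kid ?? null;
    if (!is_string($kid)) {
        throw new RuntimeException('Token header has no kid');
    }
    foreach ((json_decode($jwksJson)->keys ?? []) as $key) {
        if (($key->kid ?? null) === $kid) {
            return $key;
        }
    }
    throw new RuntimeException("kid '$kid' is not published by this issuer's JWKS");
}
// Constructed sample inputs (not real Okta responses).
$issuer = 'https://xxx.okta.com/oauth2/default';
$good   = json_encode(['issuer' => $issuer, 'jwks_uri' => "$issuer/v1/keys"]);
$noJwks = json_encode(['error' => 'constructed body without jwks_uri']);
$jwks   = json_encode(['keys' => [['kid' => 'key-A', 'kty' => 'RSA']]]);
$b64    = fn(array $a) => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$token  = $b64(['alg' => 'RS256', 'kid' => 'key-B']) . '.' . $b64(['iss' => $issuer]) . '.sig';
echo checkMetadata($issuer, $good), "\n";
$cases = [fn() => checkMetadata('https://xxx.okta.com', $noJwks), fn() => findKey($token, $jwks)];
foreach ($cases as $case) {
    try { $case(); } catch (RuntimeException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
}
```

A `kid` that the configured issuer's JWKS does not publish means the token was signed with a key from somewhere else (another authorization server, or a rotated key), so the token must be rejected, not retried against other key sets.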
