Skip to content

Debug: Add JWKS configuration logging #1407

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jchris wants to merge 10 commits into from
Closed

Debug: Add JWKS configuration logging #1407

jchris wants to merge 10 commits into from

Conversation

@jchris
Copy link
Contributor

@jchris jchris commented Dec 1, 2025

Summary

  • Add temporary debug logging to diagnose JWT verification failures with preset keys
  • Improve error messages to show both preset key and JWKS URL verification attempts
  • Test deployment with dual-key configuration (production + development keys)

Debug Logging Added

dashboard/backend/create-handler.ts:67-68

  • Log number of keys and URLs loaded from environment
  • Preview first key format

core/runtime/sts-service/index.ts:372-378

  • Log preset key verification attempts
  • Show coercion results
  • Track success/failure for each key

core/runtime/sts-service/index.ts:414

  • Enhanced error message to include preset key count

Test Results

✅ Local test confirms wellKnown --jsons correctly parses both PEM blocks:

{"keys":[{...key1...}, {...key2...}]}

Next Steps

  1. Deploy to dev environment
  2. Check Cloudflare Workers logs via wrangler tail --env dev
  3. Identify why preset keys aren't working
  4. Fix root cause
  5. Remove debug logging
  6. Deploy fix to production

🤖 Generated with Claude Code

jchris and others added 2 commits December 1, 2025 13:04
@jchris @claude
debug: add JWKS config logging
caff64f 
\ud83e\udd16 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@jchris @claude
chore: enable observability logs for dev environment
7a750ca 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@jchris jchris force-pushed the jchris/debug-jwks-config branch from 969e316 to 7a750ca Compare December 1, 2025 21:12
@jchris @claude
debug: add more logging to sts-service
c7e3b4c 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@jchris @claude
fix: correct CORS header handling
7100579 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@jchris @claude
debug: add kid logging to Clerk verifyToken
5489f09 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@jchris @claude
chore: format create-handler.ts
760aca9 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@jchris @claude
fix: preserve fetch binding for Cloudflare Workers
3473022 
Fixes "Illegal invocation" error when calling fetch in Workers environment.
The fetch function must be called with proper 'this' binding in Cloudflare Workers.

Changes:
- verifyToken: Extract and bind fetch function before creating opts
- fetchWellKnownJwks: Same fix to prevent binding loss
- Remove spread operator that was overwriting safe wrapper

This ensures JWKS fetching works correctly in Workers runtime.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@jchris jchris force-pushed the jchris/debug-jwks-config branch from 220de62 to 3473022 Compare December 2, 2025 01:38
@mabels mabels closed this Dec 3, 2025
@mabels mabels deleted the jchris/debug-jwks-config branch December 3, 2025 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jchris @mabels