Description

In rare cases, it is possible for FusionAuth to return an HTTP status of 500 from the JWKS endpoint when certain key modification operations are in progress. Additionally, the following log message may be recorded:

2023-07-25 10:33:28.712 PM ERROR org.primeframework.mvc.PrimeMVCRequestHandler - Error encountered
com.fasterxml.jackson.databind.JsonMappingException: Index 1 out of bounds for length 0 (through reference chain: io.fusionauth.domain.oauth2.JWKSResponse["k
eys"]->java.util.ArrayList[1])

Affects versions

FusionAuth <= 1.46.0

Steps to reproduce

This issue is typically only seen while under high load, but may be reproducible with the following:

• Create a load test to repeatedly make requests against the JWKS endpoint.
• Generate or delete RSA keys from the console or API.

Expected behavior

A successful JWKS response to all requests.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Release Notes

Correct a potential race condition that could cause a request to the /.well-known/jwks.json endpoint to exception and return a 500 status code when under heavy load.