
Changed: Minimal password length 32 #20

Merged
djuarezgf merged 1 commit into main from bugfix/client-secret-length
Jul 7, 2025

Conversation

@djuarezgf
Member

Summary

After logging into Opal using Authentik as the OIDC provider, we encountered the following error:

2025-07-07 12:35:25.715 | Caused by: com.nimbusds.jose.KeyLengthException: The secret length must be at least 256 bits
2025-07-07 12:35:25.715 | 	at com.nimbusds.jose.crypto.impl.MACProvider.<init>(MACProvider.java:118)
2025-07-07 12:35:25.715 | 	at com.nimbusds.jose.crypto.MACVerifier.<init>(MACVerifier.java:168)

Cause

The error was caused by the OIDC client secret (password) being too short. The current password was 30 characters long, but the MACVerifier requires a minimum of 256 bits (32 characters) for HMAC algorithms.

Fix

We increased the default password length by updating the value of PASSWORD_LEN from 30 to 32 characters to satisfy the required key length for OIDC authentication.
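The length rule behind the stack trace above, as an added example that is not code from the Opal project or from nimbus-jose-jwt: an HMAC-based JWS algorithm needs a key at least as long as the hash output (256 bits for HS256), and the provider checks that length in bytes after UTF-8 encoding the secret string, so "32 characters" only satisfies it because every character in the secret is a single byte. The names PASSWORD_LEN, MIN_HMAC_KEY_BITS and SECRET_ALPHABET, and the helper functions, are assumptions made for this illustration; the 30- and 32-character inputs are constructed to reproduce the before and after states described in the PR.

```python
"""Check and generate OIDC client secrets for HMAC-signed JWS (HS256).

Added example; not code from the Opal project or from nimbus-jose-jwt. It mirrors
the rule behind the KeyLengthException quoted in the PR: the HMAC key must be at
least 256 bits, measured on the UTF-8 bytes of the secret. PASSWORD_LEN,
MIN_HMAC_KEY_BITS and SECRET_ALPHABET are assumed names for this illustration.
"""
import hashlib
import hmac
import secrets
import string

MIN_HMAC_KEY_BITS = 256   # minimum reported by the provider in the PR's stack trace
PASSWORD_LEN = 32         # the default this PR raises the length to (was 30)
# Assumed alphabet: ASCII only, so character count == byte count == bits / 8.
SECRET_ALPHABET = string.ascii_letters + string.digits


def secret_bits(secret: str) -> int:
    """Key length as an HMAC verifier sees it: UTF-8 byte length times 8."""
    return len(secret.encode("utf-8")) * 8


def is_valid_client_secret(secret: str, min_bits: int = MIN_HMAC_KEY_BITS) -> bool:
    """True when the secret is long enough to key the HMAC algorithm."""
    return secret_bits(secret) >= min_bits


def check_client_secret(secret: str, min_bits: int = MIN_HMAC_KEY_BITS) -> None:
    """Raise ValueError carrying the same information the provider reports."""
    bits = secret_bits(secret)
    if bits < min_bits:
        raise ValueError(
            f"The secret length must be at least {min_bits} bits "
            f"(got {bits} bits from {len(secret)} characters)"
        )


def generate_client_secret(length: int = PASSWORD_LEN) -> str:
    """CSPRNG-backed secret drawn from a single-byte alphabet.

    The length check runs on the generated value so a misconfigured
    PASSWORD_LEN fails at generation time, not at first login.
    """
    value = "".join(secrets.choice(SECRET_ALPHABET) for _ in range(length))
    check_client_secret(value)
    return value


def hs256_tag(secret: str, signing_input: bytes) -> bytes:
    """HMAC-SHA256 over a JWS signing input, guarded by the key-length check."""
    check_client_secret(secret)
    return hmac.new(secret.encode("utf-8"), signing_input, hashlib.sha256).digest()


if __name__ == "__main__":
    # Constructed inputs: the 30-character default that triggered the
    # exception and the 32-character default after the fix.
    for candidate in ("a" * 30, "b" * 32):
        try:
            check_client_secret(candidate)
            print(f"{len(candidate)} chars / {secret_bits(candidate)} bits: accepted")
        except ValueError as exc:
            print(f"{len(candidate)} chars / {secret_bits(candidate)} bits: rejected ({exc})")
    print("generated:", generate_client_secret())
```

Two points worth keeping in mind when tuning PASSWORD_LEN: the provider's check is on bytes, so if the secret alphabet ever admits multi-byte characters the character count stops being the right quantity to compare against 32; and 32 characters from a 62-symbol alphabet carry roughly 190 bits of entropy (log2(62^32)), which clears the provider's length floor but is below the 256-bit output size of HMAC-SHA256, so a longer default costs nothing and is the safer choice if the provider accepts it.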

@djuarezgf djuarezgf requested a review from Martin1088 July 7, 2025 11:14
@djuarezgf djuarezgf merged commit b92c7c8 into main Jul 7, 2025
2 checks passed
@djuarezgf djuarezgf deleted the bugfix/client-secret-length branch July 7, 2025 11:54
