value of 'kid' has invalid format

Hi there!

I have an error that was mentioned once in a discussion here. In my Realm app, I use jwk authentication and try to log in from a client. As usual, the request is sent with an auth (bearer) header containing the jwk. My problem is, mongodb realm does not validate the key and constantly gives me the error:

‘value of ‘kid’ has invalid format’.

The ‘kid’ value of my jwt header has a value pointing to the key specified in the .jwks url.

Has anyone already encountered this problem?

Thanks,
Nicolas

Hi Nicolas,

Thanks for posting your first question and welcome to the community!
As it has been a while since you posted this, are you still experiencing this error?

Did you follow the instructions for setting up JWT Authentication as per the article below?

Was the authentication ever working previously or are you implementing this for the first time?

This error should not happen unless the wrong token is being sent or it has been inadvertently modified.

If you’re still seeing this issue it might be best to raise a support ticket with us with the following information:

  • Link to your Realm app
  • SDK your client is using
  • The JWT headers you’re sending

http://cloud.mongodb.com/support

Regards
Manny

I know this is old, but I’m having this issue as well. The kid in the token matches the jwks.json endpoint and has the correct audience as set up in the config. This is my first time trying to set this up and it has never worked. Any help would be appreciated.

We’re also interested in this thread as we’re getting the ‘value of ‘kid’ has invalid format’ error too when trying to integrate our realm with AWS Cognito JWT tokens. It looks like people have done this before (though online doco and examples are limited) but we can’t get past this error. The rest of our settings look okay and the key ID in the token matches the JWKS exactly. One thing we did notice reading the spec is that the Cognito JWT headers don’t include the “typ=JWT” field which is listed as required by Mongo for auth. I’m not sure if that’s related though again there seems to be a precedent for this working.

This is a big factor on whether we shift our backend to MongoDB as we want to stay serverless as much as possible and identity integration is important to us. If anyone has any thoughts or example Cognito configuration they could share that would be much appreciated.

Found the solution to this for me. When you send the token to your service, you send it with the following header

jwtTokenString: [auth token]

so don’t send it as a bearer token. Also, make sure you follow the steps in the link provided by Manny above: https://docs.mongodb.com/realm/authentication/custom-jwt/
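
A local pre-flight check for the points raised in this thread, added here as an example (not code from any poster or from MongoDB): it decodes the JWT header without verifying the signature, compares `kid` with the JWKS, flags a missing `typ`, and builds the `jwtTokenString` header described in the last post. The function names, the sample token and the sample JWKS are constructed for illustration.

```javascript
// Added diagnostic sketch: function names are hypothetical; token and JWKS are constructed.
const b64urlEncode = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const b64urlDecode = (segment) =>
  JSON.parse(Buffer.from(segment.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8"));

// Compare a JWT header with a JWKS document; no signature verification is done here.
function inspectJwtHeader(token, jwks) {
  const findings = [];
  if (/^bearer\s/i.test(token)) return ["string still carries a 'Bearer ' prefix"];
  const parts = token.split(".");
  if (parts.length !== 3) return [`expected 3 segments, got ${parts.length}`];
  let header;
  try {
    header = b64urlDecode(parts[0]);
  } catch (err) {
    return ["header segment is not base64url-encoded JSON"];
  }
  if (!header || typeof header !== "object") return ["header is not a JSON object"];
  if (typeof header.kid !== "string" || header.kid === "") {
    findings.push("header 'kid' is missing or not a string");
  } else {
    const key = (jwks.keys || []).find((k) => k.kid === header.kid);
    if (!key) findings.push(`no JWKS key with kid '${header.kid}'`);
    else if (key.alg && key.alg !== header.alg) findings.push(`alg '${header.alg}' differs from JWKS '${key.alg}'`);
  }
  if (header.typ !== "JWT") findings.push("header has no typ 'JWT'");
  return findings;
}

// Header shape from the thread's fix: raw token under jwtTokenString, not Authorization: Bearer.
function buildAuthHeaders(token) {
  return { jwtTokenString: token.replace(/^bearer\s+/i, "").trim() };
}

// Constructed sample: header without 'typ', as one poster reports for Cognito tokens.
const sampleJwks = { keys: [{ kid: "constructed-key-1", kty: "RSA", alg: "RS256" }] };
const sampleToken = [
  b64urlEncode({ kid: "constructed-key-1", alg: "RS256" }),
  b64urlEncode({ aud: "constructed-audience" }),
  "c2lnbmF0dXJl", // placeholder, not a real signature
].join(".");

console.log(inspectJwtHeader(sampleToken, sampleJwks));
console.log(buildAuthHeaders("Bearer " + sampleToken));
```

An empty findings list only means the header is consistent with the JWKS; the service still has to verify the signature and claims.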