Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generating API access token throws error:0909006C:PEM #185

Closed
R0Wi opened this issue Dec 24, 2022 · 5 comments
Closed

Generating API access token throws error:0909006C:PEM #185

R0Wi opened this issue Dec 24, 2022 · 5 comments
Labels
Area: PHP8 Issues & PRs related to the CRM when using PHP8 Status:Requires Updates Issues & PRs which requires input or update from the author Type:Bug Something isn't working

Comments

@R0Wi
Copy link

R0Wi commented Dec 24, 2022

When trying to create a new API access token, I get the following error message:

It was not possible to parse your key, reason: error:0909006C:PEM routines:get_name:no start line

Preparations for API usage have been done like stated in

Issue

When calling the API access token endpoint {{server}}/legacy/Api/access_token via POST request, the server gives me an error 500 with the following JSON response:

{
    "error": "unknown_error",
    "message": "It was not possible to parse your key, reason: error:0909006C:PEM routines:get_name:no start line"
}

Expected Behavior

Server response 200 containing a valid access token

Actual Behavior

Response mentioned above. No furhter logs.

Possible Fix

The projects uses "lcobucci/jwt": "3.3.3"

SuiteCRM-Core/composer.json

Line 49 in 91064df

"lcobucci/jwt": "3.3.3",

which officially doesn't support PHP 8.0 (see https://packagist.org/packages/lcobucci/jwt#3.3.3). Updating this dependency might help but I'm not sure if this is the root cause. Like stated in some of the source below, this error seems to be related to the PHP version. Some mention that a downgrade to PHP 7.4 would help. Since this version is already deprecated, that's no option for me.

Steps to Reproduce

  1. Setup SuiteCRM for API usage
  2. Call {{server}}/legacy/Api/access_token with valid credentials

Your Environment

  • SuiteCRM Version used: 8.2.1
  • Environment name and version: MySQL, PHP 8.0
  • Operating System and version: Docker, docker-compose with Bitnami image

Links to similar issues
@R0Wi
Copy link
Author

R0Wi commented Dec 25, 2022

I did some more research and debugging and here are my results:

indeed the error seems to come from lcobucci/jwt library. PHP 8.0 compatibility was introduced by lcobucci/jwt@be0f2f9#diff-6019fde4d9e0d7d2d060b7fd9d8ebd89f85be6d89f61de292660c9a01bea8ca9R84 which fixed a breaking change in PHP 8.0. According to the docs for openssl_pkey_get_private:

8.0.0 | On success, this function returns an OpenSSLAsymmetricKey instance now; previously, a resource of type OpenSSL key was returned

I applied the patch of that one line manually and was able to create access tokens again. So an update of lcobucci/jwt to >= 4.0.0 would be sufficient. But since this is also a dependency of league/oauth2-server, that package would also need to be upgraded. This in turn introduces some breaking code API changes which have to be implemented first.

If upgrading the packages accordingly and adjusting the code to the new API would be a solution for you, I could image creating a PR for this.

@R0Wi R0Wi mentioned this issue Dec 25, 2022
Closed
@corearchitect
Copy link

I applied the patch of that one line manually and was able to create access tokens again.

Which specific line did you patch manually?

@R0Wi
Copy link
Author

R0Wi commented Mar 27, 2023

This line here. Basically just replacing ! is_resource($key) with is_bool($key) in the jwt vendors subfolder which is created by composer.

If you scroll up, you can see that the patch is included in jwt >= 4.0.0
image

So I guess upgrading this dependency should fix the problem.

@johnM2401 johnM2401 added Type:Bug Something isn't working Status:Requires Updates Issues & PRs which requires input or update from the author Area: PHP8 Issues & PRs related to the CRM when using PHP8 labels Jun 1, 2023
@johnM2401
Copy link

Hey!

Thanks for getting in touch @R0Wi

I believe issues with PHP8 / V8 API compatability were resolved in the most recent release, 8.3.0, as we merged this PR: salesagility/SuiteCRM#9965
(Which seems to cover the upgrading of the packages you noted above)

When you get a moment, would you be able to give 8.3.0 a try and let us know if you are still having issues with the API?

Thanks!

@florian-besser
Copy link

florian-besser commented Sep 26, 2023
edited

Hey @johnM2401 I think salesagility/SuiteCRM#9965 did indeed fix the issue. We're using the bitnami helm charts to install SuiteCRM and using the newest SuiteCRM version 7.13.4 (from docker image docker.io/bitnami/suitecrm:7.13.4-debian-11-r15) does indeed no longer need these fixes.

As long as /bitnami/suitecrm/Api/V8/OAuth2/private.key and /bitnami/suitecrm/Api/V8/OAuth2/public.key are present it'll read them without issues.

Debug output for PHP version:

I have no name!@suite-crm-suitecrm-848fb858d7-wjgdm:/$ php -v
PHP 8.0.29 (cli) (built: Jul 24 2023 21:31:03) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.29, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.29, Copyright (c), by Zend Technologies

@R0Wi R0Wi closed this as completed Oct 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area: PHP8 Issues & PRs related to the CRM when using PHP8 Status:Requires Updates Issues & PRs which requires input or update from the author Type:Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@corearchitect @florian-besser @johnM2401 @R0Wi