Warp-cli unable to parse JWT teams-enroll-token

Ubuntu 18.04 OS

I perform the following:

  1. warp-cli register
  2. warp-cli connect
  3. Verify via: curl [Cloudflare trace address] and verify that warp=on
  4. warp-cli teams-enroll [team-name]
    5.i get the URL, go to it and use my browsers developer tools to get the URI/token:
    com.Cloudflare.warp://team-name.cloudflareaccess.com/auth?token=XXXXXXXXXXXXXXXXXXXX
  5. warp-cli teams-enroll-token [URI/token]
    This returns “Error: Invalid JWT provided.” I’ve tried using double quotes, single quotes, no quotes. If I don’t include the URI I get "Error: “Failed to parse TokenCallback URL” and per docs it’s required.
  6. However, given the “Error: Invalid JWT provided.”, I’ve decoded the JWT via a number of methods and it looks as you’d expect and has all the relevant data/details. I’m at my wits end, as it seems like the problem lies with warp-cli not reading the JWT properly (which any 3rd party decoder can do fine). As google has shown me I’m apparently the only person who’s even received this error/problem. Anyone have any ideas?
1 Like

I can confirm this issue. I get it on Windows 10, both with warp-cli and the GUI client. Here are the relevant logs:

2022-11-04T18:16:07.036Z  INFO warp::warp_service::ipc_loop: IPC: new connection privileged=false
2022-11-04T18:16:07.036Z DEBUG main_loop: warp::warp_service: Entering main loop arm arm="ipc_requests"
2022-11-04T18:16:07.036Z DEBUG main_loop: warp::warp_service::ipc_handlers: Ipc request: 8d0ce220-66b1-44c9-9783-e2f4b473d35d; GetAppSettings
2022-11-04T18:16:07.036Z DEBUG main_loop: warp::warp_service::ipc_handlers: Ipc response: 8d0ce220-66b1-44c9-9783-e2f4b473d35d; Application settings: GlobalConfiguration { always_on: false, switch_locked: false, auto_connect: None, operation_mode: Warp, disable_for_wifi: false, disable_for_ethernet: false, disable_for_networks: [], families: None, gateway_id: None, enable_dns_log: false, override_endpoint: None, onboarding: true, split_config: Exclude { ips: [(10.0.0.0/8, None), (100.64.0.0/10, None), (169.254.0.0/16, None), (172.16.0.0/12, None), (192.0.0.0/24, None), (192.168.0.0/16, None), (224.0.0.0/24, None), (240.0.0.0/4, None), (255.255.255.255/32, None), (fe80::/10, None), (fd00::/8, None), (ff01::/16, None), (ff02::/16, None), (ff03::/16, None), (ff04::/16, None), (ff05::/16, None)], hosts: [] }, fallback_domains: [FallbackDomain { suffix: "intranet", description: None, dns_server: None }, FallbackDomain { suffix: "internal", description: None, dns_server: None }, FallbackDomain { suffix: "private", description: None, dns_server: None }, FallbackDomain { suffix: "localdomain", description: None, dns_server: None }, FallbackDomain { suffix: "domain", description: None, dns_server: None }, FallbackDomain { suffix: "lan", description: None, dns_server: None }, FallbackDomain { suffix: "home", description: None, dns_server: None }, FallbackDomain { suffix: "host", description: None, dns_server: None }, FallbackDomain { suffix: "corp", description: None, dns_server: None }, FallbackDomain { suffix: "local", description: None, dns_server: None }, FallbackDomain { suffix: "localhost", description: None, dns_server: None }, FallbackDomain { suffix: "home.arpa", description: None, dns_server: None }, FallbackDomain { suffix: "invalid", description: None, dns_server: None }, FallbackDomain { suffix: "test", description: None, dns_server: None }], disable_auto_fallback: false, captive_portal: None, support_url: None, organization: None, auth_client_id: None, auth_client_secret: None, allow_mode_switch: None, unpause_time: None, allow_updates: true, allowed_to_leave: None, disable_connectivity_checks: None, override_doh_endpoint: None, override_cf_api: None, override_tunnel_mtu: None }
2022-11-04T18:16:07.037Z DEBUG main_loop: warp::warp_service: Entering main loop arm arm="ipc_requests"
2022-11-04T18:16:07.037Z DEBUG main_loop: warp::warp_service::ipc_handlers: Ipc request: 313aec2e-be90-4db4-989e-3c7aea977c50; TeamsRegistration
2022-11-04T18:16:07.037Z  WARN main_loop: warp::teams_auth::access_jwt: Failed to parse org from JWT error=Error(ExpiredSignature)
2022-11-04T18:16:07.037Z DEBUG main_loop: warp::warp_service::ipc_handlers: Ipc response: 313aec2e-be90-4db4-989e-3c7aea977c50; Error: Invalid JWT provided.
2022-11-04T18:16:07.037Z  INFO warp::warp_service::ipc_loop: IPC connection ended

I don’t have a solution yet.

I am running WARP version 2022.9.583.0

Decoding the JWT with jstoolset.com/jwt, it looks like it is set to expire 30 seconds after it was issued. So by the time I run the command it is already expired. I think that is the issue here.

One thing you can try. Decode the JWT and compare the issue time to your device’s time. If there is a discrepancy, change your device’s time to match the difference. I set my device back a minute and was able to finally connect.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.