Auth with google OIDC

[maaaikoool]

Describe the bug
a.k.a red screen of death. Having this issue after upgrading to v0.8.29.
Everything works fine after rolling back to v0.8.28.

To Reproduce
Steps to reproduce the behavior:

1. Upgrade to v0.8.29
2. Logout
3. See error:

4. Logs:

Caused by: org.apache.shiro.crypto.CryptoException: Unable to init cipher instance.
at org.apache.shiro.crypto.JcaCipherService.init(JcaCipherService.java:495)
at org.apache.shiro.crypto.JcaCipherService.initNewCipher(JcaCipherService.java:599)
at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:444)
at org.apache.shiro.crypto.JcaCipherService.encrypt(JcaCipherService.java:324)
at org.apache.shiro.crypto.JcaCipherService.encrypt(JcaCipherService.java:313)
at org.pac4j.play.store.ShiroAesDataEncrypter.encrypt(ShiroAesDataEncrypter.java:51)
at org.pac4j.play.store.PlayCookieSessionStore.set(PlayCookieSessionStore.java:77)
at org.pac4j.play.store.PlayCookieSessionStore.set(PlayCookieSessionStore.java:29)
at org.pac4j.oidc.redirect.OidcRedirectActionBuilder.addStateAndNonceParameters(OidcRedirectActionBuilder.java:97)
at org.pac4j.oidc.redirect.OidcRedirectActionBuilder.redirect(OidcRedirectActionBuilder.java:72)
at org.pac4j.core.client.IndirectClient.getRedirectAction(IndirectClient.java:109)
at org.pac4j.core.client.IndirectClient.redirect(IndirectClient.java:79)
at controllers.AuthenticationController.redirectToIdentityProvider(AuthenticationController.java:160)
at controllers.AuthenticationController.authenticate(AuthenticationController.java:87)
at router.Routes$$anonfun$routes$1$$anonfun$applyOrElse$4$$anonfun$apply$4.apply(Routes.scala:450)
at router.Routes$$anonfun$routes$1$$anonfun$applyOrElse$4$$anonfun$apply$4.apply(Routes.scala:450)
at play.core.routing.HandlerInvokerFactory$$anon$3.resultCall(HandlerInvoker.scala:134)
at play.core.routing.HandlerInvokerFactory$$anon$3.resultCall(HandlerInvoker.scala:133)
at play.core.routing.HandlerInvokerFactory$JavaActionInvokerFactory$$anon$8$$anon$2$$anon$1.invocation(HandlerInvoker.scala:108)
at play.core.j.JavaAction$$anon$1.call(JavaAction.scala:88)
at play.http.DefaultActionCreator$1.call(DefaultActionCreator.java:31)
at play.core.j.JavaAction$$anonfun$9.apply(JavaAction.scala:138)
at play.core.j.JavaAction$$anonfun$9.apply(JavaAction.scala:138)
at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24)
at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24)
at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:56)
at play.api.libs.streams.Execution$trampoline$.execute(Execution.scala:70)
at play.core.j.HttpExecutionContext.execute(HttpExecutionContext.scala:48)
at scala.concurrent.impl.Future$.apply(Future.scala:31)
at scala.concurrent.Future$.apply(Future.scala:494)
at play.core.j.JavaAction.apply(JavaAction.scala:138)
at play.api.mvc.Action$$anonfun$apply$2.apply(Action.scala:96)
at play.api.mvc.Action$$anonfun$apply$2.apply(Action.scala:89)
at play.api.libs.streams.StrictAccumulator$$anonfun$mapFuture$2$$anonfun$1.apply(Accumulator.scala:174)
at play.api.libs.streams.StrictAccumulator$$anonfun$mapFuture$2$$anonfun$1.apply(Accumulator.scala:174)
at scala.util.Try$.apply(Try.scala:192)
at play.api.libs.streams.StrictAccumulator$$anonfun$mapFuture$2.apply(Accumulator.scala:174)
at play.api.libs.streams.StrictAccumulator$$anonfun$mapFuture$2.apply(Accumulator.scala:170)
at scala.Function1$$anonfun$andThen$1.apply(Function1.scala:52)
at play.api.libs.streams.StrictAccumulator.run(Accumulator.scala:207)
at play.core.server.AkkaHttpServer$$anonfun$14.apply(AkkaHttpServer.scala:357)
at play.core.server.AkkaHttpServer$$anonfun$14.apply(AkkaHttpServer.scala:355)
at akka.http.scaladsl.util.FastFuture$.akka$http$scaladsl$util$FastFuture$$strictTransform$1(FastFuture.scala:41)
at akka.http.scaladsl.util.FastFuture$$anonfun$transformWith$extension1$1.apply(FastFuture.scala:51)
at akka.http.scaladsl.util.FastFuture$$anonfun$transformWith$extension1$1.apply(FastFuture.scala:50)
... 13 common frames omitted
Caused by: java.security.InvalidKeyException: Invalid AES key length: 30 bytes
at com.sun.crypto.provider.AESCrypt.init(AESCrypt.java:87)
at com.sun.crypto.provider.GaloisCounterMode.init(GaloisCounterMode.java:302)
at com.sun.crypto.provider.CipherCore.init(CipherCore.java:589)
at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:346)
at javax.crypto.Cipher.implInit(Cipher.java:809)
at javax.crypto.Cipher.chooseProvider(Cipher.java:867)
at javax.crypto.Cipher.init(Cipher.java:1399)
at javax.crypto.Cipher.init(Cipher.java:1330)
at org.apache.shiro.crypto.JcaCipherService.init(JcaCipherService.java:488)

Additional context
Might be related to #4351
Reported in slack 1, 2

[c-thiel]

I have the exact same issue with Azure AD.

[c-thiel]

The issue appears in newer versions of the 0.8.28. Docker Image as well. After re-pulling the image 0.8.28 is broken for me too. I have to specify a specific image hash version now for it to work.

[c-thiel]

Is there any update or Workaround on this?

[maaaikoool]

closed by #4418 thanks @jjoyce0510