iOS/Android App HTTP Forbidden

Hello,

It seems something changed in image version 5.2.0-1-ce, and the issue persists through the latest release. These are clean setups with an identical Docker Compose.

image:5.1.1-1-ce

JWT Authentication

[PASS] The JWT Authentication plugin is enabled.
[FAIL] The /etc/passbolt/jwt/ directory should not be writable.
[HELP] You can try:
[HELP] sudo chown -Rf root:www-data /etc/passbolt/jwt/
[HELP] sudo chmod 750 /etc/passbolt/jwt/
[HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.key
[HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.pem
[PASS] A valid JWT key pair was found.

[FAIL] 1 error(s) found. Hang in there!

jwt keys are created properly.

ls -l /etc/passbolt/jwt/
total 8
-rw-r----- 1 www-data www-data 3268 Oct 30 06:54 jwt.key
-rw-r----- 1 www-data www-data  800 Oct 30 06:54 jwt.pem

jwt/rsa.json is OK

{"header":{"id":"80ca05c4-4f3f-4b72-85dc-02e351ce4d8a","status":"success","servertime":1761808102,"action":"2a80ca92-0e47-5780-b338-3568f3cff69e","message":"The operation was successful.","url":"/auth/jwt/rsa.json","code":200},".....

and I can connect Android device with Passbolt, no issue here.

vs.
image:5.2.0-1-ce

JWT Authentication

[PASS] The JWT Authentication plugin is enabled.
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[FAIL] A valid JWT key pair is missing.
[HELP] Run the create JWT keys script to create a valid JWT secret and public key pair:
[HELP] sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt create_jwt_keys" www-data

The JWT private key could not be written.

no jwt keys have been deployed.

ls -l /etc/passbolt/jwt/
total 0
{"header":{"id":"bf942988-bb05-4db6-818a-b7064d9b844a","status":"error","servertime":1761811815,"action":"2a80ca92-0e47-5780-b338-3568f3cff69e","message":"The key pair for JWT Authentication is not complete.","url":"\/auth\/jwt\/rsa.json","code":500},"body":""}

and of course, I can no longer connect any Android devices.

It seems that when the jwt directory isn’t writable, no keys are generated. However, according to the health check, this is considered a valid state.
So what’s the next step? Is there a possible permanent fix for this?
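The two health-check outputs above show that "directory is not writable" and "key pair present" are separate conditions, and that a container can pass the first while failing the second, which is exactly the state that produces the HTTP 500 on /auth/jwt/rsa.json for the mobile apps. The following POSIX shell function is an added example (not Passbolt's own health check or a script from the project) that a deployer can run from the host or inside the container before connecting clients: it reports the key pair as missing independently of directory permissions, and also flags a private key whose mode is looser than the 640 the health check recommends. The directory path and file names (jwt.key, jwt.pem) are the ones shown in the post; the exit codes and message wording are this example's own choices.

```shell
#!/bin/sh
# Added example: pre-flight check for a Passbolt-style JWT key directory.
# Returns 0 when both key files are present, non-empty and the private key
# mode is 640 or 600; returns 1 when the pair is missing/incomplete or the
# private key is too permissive; returns 2 when the directory does not exist.
# Usage: check_jwt_dir /etc/passbolt/jwt

check_jwt_dir() {
  dir="$1"
  rc=0

  if [ ! -d "$dir" ]; then
    echo "FAIL: $dir does not exist"
    return 2
  fi

  # The health check's "directory is not writable" PASS says nothing about
  # whether keys were ever generated, so check the files explicitly.
  for f in jwt.key jwt.pem; do
    if [ ! -s "$dir/$f" ]; then
      echo "FAIL: $dir/$f is missing or empty (JWT key pair incomplete)"
      rc=1
    fi
  done

  # Private key must not be readable beyond owner/group.
  if [ -f "$dir/jwt.key" ]; then
    # GNU stat first, BSD/macOS stat as fallback
    mode=$(stat -c %a "$dir/jwt.key" 2>/dev/null || stat -f %Lp "$dir/jwt.key")
    case "$mode" in
      640|600) ;;
      *)
        echo "FAIL: $dir/jwt.key mode is $mode, expected 640"
        rc=1
        ;;
    esac
  fi

  if [ "$rc" -eq 0 ]; then
    echo "PASS: JWT key pair present in $dir with acceptable permissions"
  fi
  return "$rc"
}

# Run against the real directory when executed directly (path from the post).
if [ "${1:-}" != "" ]; then
  check_jwt_dir "$1"
fi
```

Running this after container start-up distinguishes the 5.1.1 state (keys present, only ownership/mode complaints) from the 5.2.0 state (empty directory), which the built-in health check reports as a permissions PASS.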