I’m running into an issue when trying to obtain an OAuth2 token in my OpenEMR setup.
I’m getting the following error:
Fatal error: Uncaught LogicException: Unable to read key from file file:///var/www/html/openemr/sites/default/documents/certificates/oaprivate.key in /var/www/html/openemr/vendor/league/oauth2-server/src/CryptKey.php:64
Does anyone know if there are any security risks of configuring this key to 777 mode?
My OpenEMR environment:
OpenEMR version: 7.0
Operating system: Windows
Web server: Apache
PHP version: PHP 8.2
Installation method: Using a package manager
Any insights or suggestions would be greatly appreciated!
@sjpadgett you found a key issue didn’t you on Windows, I think you resolved it though, right?
@Vickey_Chavan yes there are security risks of making your key fully public. For testing purposes it’s fine as long as you don’t have real patient data.
From the picture you sent me it looks like the oaprivate.key file exists. I’m not sure what you’re talking about osprivate.key but I’m assuming you have a typo there.
The file is opened however the key doesn’t pass using the passphrase.
Check the oauth_clients table for your client and the keys table to see if you have a passphrase entry, and the public and private keys (most likely yes as it gets to crypto).
If you want to regenerate keys you have to delete the oauth entries in keys and the files.
Also verify if on xampp the SetEnv OPENSSL_CONF "C:\\xampp\\php\\extras\\ssl\\cacert.pem" or the correct location for your certificate in the C:\xampp\apache\conf\extra\httpd-xampp.conf.
This is important because auth uses openssl!
Here is the relevant code:

```php
if (\strpos($keyPath, self::FILE_PREFIX) !== 0 && $this->isValidKey($keyPath, $this->passPhrase ?? '')) {
    $this->keyContents = $keyPath;
    $this->keyPath = '';
    // There's no file, so no need for permission check.
    $keyPermissionsCheck = false;
} elseif (\is_file($keyPath)) {
    if (\strpos($keyPath, self::FILE_PREFIX) !== 0) {
        $keyPath = self::FILE_PREFIX . $keyPath;
    }
    if (!\is_readable($keyPath)) {
        throw new LogicException(\sprintf('Key path "%s" does not exist or is not readable', $keyPath));
    }
    $this->keyContents = \file_get_contents($keyPath);
    $this->keyPath = $keyPath;
    if (!$this->isValidKey($this->keyContents, $this->passPhrase ?? '')) {
        throw new LogicException('Unable to read key from file ' . $keyPath);
    }
} else {
    throw new LogicException('Invalid key supplied');
}
```
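An added diagnostic example (not part of the original posts, and not OpenEMR or league/oauth2-server code) that separates the failure modes discussed above: a file the web server cannot read versus a readable key that does not parse with the supplied passphrase. The function name `diagnoseKey`, the sample passphrases and the temp-file key are constructed for illustration, and the parse check assumes the library's validation amounts to an OpenSSL parse of the PEM with the passphrase.

```php
<?php
// Added diagnostic example; hypothetical helper, not library code.
// Distinguishes "file unreadable" from "readable but passphrase/PEM mismatch".
function diagnoseKey(string $path, string $passPhrase): string
{
    if (!is_file($path)) {
        return 'missing: no file at this path';
    }
    if (!is_readable($path)) {
        return 'unreadable: fix ownership/ACL for the web server account';
    }
    $pem = file_get_contents($path);
    while (openssl_error_string() !== false) {
        // Drain stale entries so the message below belongs to this call.
    }
    $key = openssl_pkey_get_private($pem, $passPhrase);
    if ($key === false) {
        $err = openssl_error_string() ?: 'no OpenSSL detail';
        return "parse-failed: readable, but wrong passphrase or damaged PEM ($err)";
    }
    $details = openssl_pkey_get_details($key);
    $type = $details['type'] ?? -1;
    if (!in_array($type, [OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_EC], true)) {
        return 'unsupported: key parsed but is not RSA or EC';
    }
    return 'ok: key parses with this passphrase';
}

// Constructed sample input: a throwaway encrypted RSA key in a temp file.
$goodPass = 'constructed-passphrase';
$tmp = tempnam(sys_get_temp_dir(), 'oakey');
$res = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
if ($res === false || !openssl_pkey_export_to_file($res, $tmp, $goodPass)) {
    // Key generation needs a readable OpenSSL config file.
    exit("could not create sample key: check OPENSSL_CONF\n");
}
chmod($tmp, 0600); // owner-only; the parse below still succeeds

echo diagnoseKey($tmp, $goodPass), "\n";            // correct passphrase
echo diagnoseKey($tmp, 'wrong-passphrase'), "\n";   // readable, fails to parse
echo diagnoseKey($tmp . '.absent', $goodPass), "\n"; // no such file
unlink($tmp);
```

The second call fails even though the file is readable, which is the situation the "Unable to read key from file" branch reports; loosening file permissions does not change that outcome.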