Hi,
I hope to find everyone well.
Over the weekend my ziti network is refusing to route anyone’s traffic. When checking the logs on the public router I see this:
{"error":"token is unverifiable: error while executing keyfunc: public key not found","file":"github.com/openziti/ziti/router/state/manager.go:715","func":"github.com/openziti/ziti/router/state.(*ManagerImpl).GetApiSession","level":"error","msg":"JWT validation failed","time":"2025-12-22T14:49:48.355Z"}
Everything was fine last week so I am not sure what happened. We are using an ext-jwt-signer, and the OIDC login flow works. We can still click on the authorize with IDP, log in, and the Desktop client shows we have a session.
But when we try to reach any service we get a connection refused error in the browser and those logs on my router pod.
Also the issue seems to persist even for non ext-jwt users (users with a JWT provided by the ziti controller itself).
Lastly, I also tested from a fresh mobile device using the ext-jwt signer and I can access services from my phone.
Seems like there could be an issue with the clients but I am not sure.
Ziti controller 1.7.0
ziti router 1.6.5