
[Bug]: Public keys passed to add machine key are not stored in the database #7948

Open
aDogCalledSpot opened this issue May 14, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@aDogCalledSpot
Contributor

aDogCalledSpot commented May 14, 2024

Preflight Checklist

  • I could not find a solution in the documentation, the existing issues or discussions
  • I have joined the ZITADEL chat

Environment

Self-hosted

Version

2.51.0

Database

PostgreSQL

Database Version

16

Describe the problem caused by this bug

When attempting to log in after adding a machine key as implemented in #7671, the call fails with the error message:

msg="request error" oidc_error.parent="invalid signature (error fetching keys: Not Found: ErrorType=invalid_request Description=Errors.AuthNKey.NotFound Parent=ID=QUERY-SDf32 Message=Errors.AuthNKey.NotFound Parent=(sql: no rows in result set))" oidc_error.description="assertion invalid" oidc_error.type=invalid_request status_code=400

To reproduce

  • Add a machine key with a locally generated private key
    • openssl genrsa -out key.pem 2048
    • openssl rsa -in key.pem -pubout > key.pub
  • Attempt to log in the service user using key.pem

Screenshots

No response

Expected behavior

The login works.

Operating System

No response

Relevant Configuration

No response

Additional Context

The issue definitely stems from #7671, however I'm not sure where something is missing.

The key is added successfully and is visible in the frontend, so I'm assuming that the public key isn't copied into the database. I don't know where the necessary changes would have to be made to make sure the key is synced into the database.

@aDogCalledSpot aDogCalledSpot added the bug Something isn't working label May 14, 2024
@aDogCalledSpot
Contributor Author

@livio-a do you maybe have a hunch of what might be causing this issue?

@livio-a
Member

livio-a commented May 28, 2024

@aDogCalledSpot do you pass the key id as kid in the header?
https://zitadel.com/docs/apis/openidoauth/authn-methods#jwt-with-private-key
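The kid lookup livio-a asks about is easier to see in code. The following is an added example, not ZITADEL's code: it builds the JWT-profile assertion (RFC 7523) that the linked docs describe, with the key ID in the kid header, and verifies it against a stand-in key table indexed by key ID, the way a server has to find the right public key. The claim layout (iss and sub = service user ID, aud = issuer URL) is assumed from the linked docs; the key ID, user ID and issuer values are constructed. Without a kid the verifier fails at key lookup before any signature check, which is the same shape as the error quoted in the report (a "not found" wrapped inside "invalid signature").

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// JOSE header. The server finds the machine's public key by "kid", so an empty kid is the case to watch.
type jwtHeader struct {
	Alg string `json:"alg"`
	Kid string `json:"kid,omitempty"`
}

// Assertion claims; which fields ZITADEL expects (iss/sub = user ID, aud = issuer) is assumed from the docs.
type jwtClaims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

var ErrKeyNotFound = errors.New("authn key not found")

// KeyStore stands in for the server-side table of machine public keys, indexed by key ID.
type KeyStore map[string]*rsa.PublicKey

func decodePart(s string, v interface{}) error {
	raw, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// BuildAssertion signs header.claims with RS256 (PKCS#1 v1.5 over SHA-256) and returns the
// compact JWT. Passing an empty kid reproduces a client that forgot to set the key ID.
func BuildAssertion(priv *rsa.PrivateKey, kid, userID, issuer string, now time.Time) (string, error) {
	hdr, _ := json.Marshal(jwtHeader{Alg: "RS256", Kid: kid}) // plain string fields cannot fail to marshal
	claims, _ := json.Marshal(jwtClaims{Iss: userID, Sub: userID, Aud: issuer, Iat: now.Unix(), Exp: now.Add(time.Hour).Unix()})
	signingInput := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// VerifyAssertion models the server side: parse the header, look the key up by kid, then check
// signature and expiry. A missing or unknown kid fails at lookup, before any cryptography runs.
func VerifyAssertion(store KeyStore, token string, now time.Time) (*jwtClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed compact JWT")
	}
	var hdr jwtHeader
	if err := decodePart(parts[0], &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "RS256" { // the token's own alg must never choose the key type
		return nil, fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	pub, ok := store[hdr.Kid]
	if !ok {
		return nil, fmt.Errorf("%w: kid=%q", ErrKeyNotFound, hdr.Kid)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("invalid signature: %w", err)
	}
	var claims jwtClaims
	if err := decodePart(parts[1], &claims); err != nil {
		return nil, err
	}
	if now.Unix() >= claims.Exp {
		return nil, errors.New("assertion expired")
	}
	return &claims, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	tok, _ := BuildAssertion(priv, "", "service-user-id", "https://zitadel.example", time.Now()) // constructed IDs
	_, err := VerifyAssertion(KeyStore{"key-id-from-console": &priv.PublicKey}, tok, time.Now())
	fmt.Println("assertion without kid:", err) // lookup error, not a signature error
}
```

To run it against the key.pem from the reproduction steps instead of a freshly generated key, parse the file with pem.Decode and x509.ParsePKCS1PrivateKey (OpenSSL 1.x output, "RSA PRIVATE KEY") or x509.ParsePKCS8PrivateKey (OpenSSL 3 output, "PRIVATE KEY"). The verifier deliberately rejects any alg other than RS256 rather than letting the token's header decide which key type is used.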
