
help request: missing user key in JWT token

Open bakuppus opened this issue 1 year ago • 2 comments

Description

Our existing JWT token payload does not contain key, due to which we are getting the error "missing user key in JWT token". Here Apache APISIX expects a specific key in the JWT payload, which is not present in our existing token.

Does Apache APISIX's jwt-auth plugin require the key value defined in the consumer?

How can we resolve this issue without modifying our existing token payload?

bala@kubelancer ~ % curl -s -i -X GET "httpbin1.poc.kubelancer.net/get?foo1=bar1&foo2=bar2" -H "Authorization: Bearer ${TOKEN}"
HTTP/1.1 401 Unauthorized
Date: Tue, 18 Jun 2024 12:54:08 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/3.9.1

{"message":"missing user key in JWT token"}
bala@kubelancer ~ %

Environment

  • APISIX version (run apisix version):
  • Operating system (run uname -a):
  • OpenResty / Nginx version (run openresty -V or nginx -V):
  • etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
  • APISIX Dashboard version, if relevant:
  • Plugin runner version, for issues related to plugin runners:
  • LuaRocks version, for installation issues (run luarocks --version):

bakuppus avatar Jun 19 '24 10:06 bakuppus

Yes, key is required: https://apisix.apache.org/docs/apisix/plugins/jwt-auth/

hanqingwu avatar Jun 21 '24 06:06 hanqingwu

I am also getting the same issue. Our JWT tokens have sub as the key for user_id. Where can I set this key when enabling the jwt-auth plugin for routes?

TheShubhendra avatar Jul 19 '24 10:07 TheShubhendra

I am also getting the same issue. Our JWT tokens have sub as the key for user_id. Where can I set this key when enabling the jwt-auth plugin for routes?

Hey @TheShubhendra, have you solved this problem? I got the same issue. This is my config:

    "plugins": {
      "jwt-auth": {
        "_meta": {
          "disable": false
        },
        "cookie": "jwt",
        "header": "authorization",
        "hide_credentials": false,
        "key": "sub",
        "query": "jwt",
        "secret": "dssaaaxc12"
      }
    }

untilyou2605 avatar Dec 01 '24 15:12 untilyou2605

@untilyou2605 I have added a key field to the JWT payload. In the consumer configuration, you need to specify the value of the key that the jwt-plugin should verify.

For example, if you have two types of API consumers—user and admin:

  • The JWT for a user should include key: "user".
  • The JWT for an admin should include key: "admin".

When creating consumers in APISIX:

  • Set key: user for the user consumer.
  • Set key: admin for the admin consumer.

This ensures that the jwt-plugin validates the JWT against the correct consumer type based on the key field.

TheShubhendra avatar Dec 01 '24 15:12 TheShubhendra
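
The behaviour this thread converges on, as an added example that is not part of the thread or of APISIX's source: a simplified Python model of a gateway that selects the consumer from the token's key claim and then checks the HS256 signature with that consumer's secret. The consumer names, secrets and every error string except "missing user key in JWT token" are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, secret: str) -> str:
    """Mint a compact HS256 JWT, as the token issuer would."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(payload).encode())
    mac = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256)
    return f"{header}.{body}.{b64url(mac.digest())}"

# Constructed consumers: each consumer's jwt-auth "key" maps to its secret.
CONSUMERS = {"user": "constructed-user-secret", "admin": "constructed-admin-secret"}

def authenticate(token: str, consumers: dict) -> tuple:
    """Return (status, detail). HS256 is fixed; the header's alg is never trusted."""
    try:
        header, body, sig = token.split(".")
        claims = json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except ValueError:
        return 401, "malformed token"            # wording is this example's
    key = claims.get("key") if isinstance(claims, dict) else None
    if not isinstance(key, str):
        # The response seen in the issue: without a "key" claim there is
        # no consumer to look up, so no secret to verify against.
        return 401, "missing user key in JWT token"
    secret = consumers.get(key)
    if secret is None:
        return 401, "no consumer with this key"  # wording is this example's
    signed = f"{header}.{body}".encode()
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return 401, "signature mismatch"         # wording is this example's
    return 200, key

def demo() -> dict:
    user = CONSUMERS["user"]
    return {
        "only_sub": authenticate(sign_hs256({"sub": "42"}, user), CONSUMERS),
        "with_key": authenticate(sign_hs256({"sub": "42", "key": "user"}, user), CONSUMERS),
        "wrong_secret": authenticate(sign_hs256({"key": "admin"}, user), CONSUMERS),
        "unknown_key": authenticate(sign_hs256({"key": "user_id"}, user), CONSUMERS),
    }
```

The only_sub case reproduces the 401 from the original report, and wrong_secret shows that naming another consumer in the key claim does not help without that consumer's secret.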

I have a consumer created with key as user_id. When adding the jwt plugin I've specified the key as user_id as explained above. Still getting the same error.

    spec:
      authParameter:
        jwtAuth:
          value:
            algorithm: HS256
            base64_secret: false
            exp: 86400
            key: user_id
            lifetime_grace_period: 0
            secret:

That's the consumer

and

    - name: jwt-auth
      enable: true
      config:
        key: user_id

That's the plugin for enabling

akshayparseja avatar Mar 12 '25 07:03 akshayparseja

I have a consumer created with key as user_id. When adding the jwt plugin I've specified the key as user_id as explained above. Still getting the same error.

    spec:
      authParameter:
        jwtAuth:
          value:
            algorithm: HS256
            base64_secret: false
            exp: 86400
            key: user_id
            lifetime_grace_period: 0
            secret:

That's the consumer

and

    - name: jwt-auth
      enable: true
      config:
        key: user_id

That's the plugin for enabling

The issued JWT token needs to contain the key field.

Baoyuantop avatar Mar 27 '25 06:03 Baoyuantop

I hope this article https://docs.api7.ai/apisix/how-to-guide/authentication/implement-jwt-auth will help you. Reopen it if you still have questions.

Baoyuantop avatar Mar 27 '25 06:03 Baoyuantop