express-gateway
Get user credentials when using the oauth2 method
I use Express Gateway for my app. This is my config:
system.config.yml
```yaml
db:
  redis:
    emulate: true
    namespace: EG
crypto:
  cipherKey: sensitiveKey
  algorithm: aes256
  saltRounds: 10
session:
  secret: keyboard cat
  resave: false
  saveUninitialized: false
accessTokens:
  timeToExpiry: 7200000
  tokenType: 'jwt'
  issuer: 'express-gateway'
  audience: 'something'
  subject: 'somebody'
  secretOrPrivateKey: 'ssssst'
refreshTokens:
  timeToExpiry: 7200000
authorizationCodes:
  timeToExpiry: 300000
```
My app
```json
{
  "name": "app-test",
  "redirectUri": "https://google.com",
  "isActive": true,
  "id": "72f2753d-8abd-4725-a13f-3142074a913d", // <=== App ID
  "userId": "5612f63e-64c3-480a-959c-2aa885a92dbf",
  "createdAt": "Fri Mar 22 2019 16:35:42 GMT+0700 (Indochina Time)",
  "updatedAt": "Fri Mar 22 2019 16:35:42 GMT+0700 (Indochina Time)"
}
```
My user
```json
{
  "firstname": "ba",
  "lastname": "ba",
  "username": "ba",
  "email": "[email protected]",
  "redirectUri": "https://g.com",
  "isActive": true,
  "id": "5612f63e-64c3-480a-959c-2aa885a92dbf", // <=== User ID
  "createdAt": "Fri Mar 22 2019 16:09:22 GMT+0700 (Indochina Time)",
  "updatedAt": "Fri Mar 22 2019 16:09:22 GMT+0700 (Indochina Time)"
}
```
But when I use Postman to authenticate with the server at /oauth2/token, I get back this:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb25zdW1lcklkIjoiNzJmMjc1M2QtOGFiZC00NzI1LWExM2YtMzE0MjA3NGE5MTNkIiwic2NvcGVzIjoiIiwiaWF0IjoxNTUzMjQ5MTMxLCJleHAiOjE1NjA0NDkxMzEsImF1ZCI6InNvbWV0aGluZyIsImlzcyI6ImV4cHJlc3MtZ2F0ZXdheSIsInN1YiI6InNvbWVib2R5In0.d8MLV4azAifgoYKDllqjA0l9ltJlxT6O5KVUCujOPSY
```json
{
  "consumerId": "72f2753d-8abd-4725-a13f-3142074a913d",
  "scopes": "",
  "iat": 1553249131,
  "exp": 1560449131,
  "aud": "something",
  "iss": "express-gateway",
  "sub": "somebody"
}
```
- (72f2753d-8abd-4725-a13f-3142074a913d) is not my user ID. How do I get my user ID down to the endpoint service?
- Why are the sub fields in the JWT response token and the config the same? I think the sub field in the JWT must be the userId or appID!!!! This "sub" field cannot be removed from the config!!!
Thanks
@aroopghoshtarento @duongvanba
Apparently you're both facing the same problem of receiving the application details instead of the user details, which is probably what you're looking for.
Although the identity code in Express Gateway is effectively a mess, I still think it works correctly. I need your help to identify the issue (if any) and solve it.
Would it be possible to provide a detailed step-by-step reproduction guide?
- System and Gateway configuration files
- ALL the cURL calls made to the server (or EG CLI commands), from user/app creation to login and stuff?
Otherwise I'm fundamentally blind here and I cannot really help you.
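
An added example, not part of this thread and not Express Gateway's own code: how a downstream service could verify an HS256 token before reading its claims, and then report which identity those claims carry. The function names are hypothetical; the IDs, config values and payload segment are copied from the issue above, and HS256 is assumed from the token's header.

```javascript
const nodeCrypto = require('crypto');

// Values copied from the issue above.
const APP_ID = '72f2753d-8abd-4725-a13f-3142074a913d';
const USER_ID = '5612f63e-64c3-480a-959c-2aa885a92dbf';
const CONFIG = { issuer: 'express-gateway', audience: 'something', subject: 'somebody' };
// Middle (payload) segment of the token posted above.
const PAGE_TOKEN_PAYLOAD = 'eyJjb25zdW1lcklkIjoiNzJmMjc1M2QtOGFiZC00NzI1LWExM2YtMzE0MjA3NGE5MTNkIiwic2NvcGVzIjoiIiwiaWF0IjoxNTUzMjQ5MTMxLCJleHAiOjE1NjA0NDkxMzEsImF1ZCI6InNvbWV0aGluZyIsImlzcyI6ImV4cHJlc3MtZ2F0ZXdheSIsInN1YiI6InNvbWVib2R5In0';

// Decode one base64url JWT segment; decoding alone proves nothing about authenticity.
const decodeSegment = (seg) => JSON.parse(Buffer.from(seg, 'base64').toString('utf8'));

// Verify an HS256 token against the shared secret and return its claims, or throw.
function verifyHs256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  // Pin the algorithm so a token declaring "none" or another alg is rejected.
  if (decodeSegment(parts[0]).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = nodeCrypto.createHmac('sha256', secret)
    .update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return decodeSegment(parts[1]);
}

// Report which identity the claims carry, using the IDs and config from the issue.
function describeClaims(claims) {
  let consumerIs = 'unknown';
  if (claims.consumerId === APP_ID) consumerIs = 'app';
  else if (claims.consumerId === USER_ID) consumerIs = 'user';
  return {
    consumerIs,
    subIsStaticConfigValue: claims.sub === CONFIG.subject,
    issAudMatchConfig: claims.iss === CONFIG.issuer && claims.aud === CONFIG.audience,
    lifetimeSeconds: claims.exp - claims.iat, // exp and iat are in seconds
  };
}

// Inspection only: the posted payload is decoded here without a signature check.
console.log(describeClaims(decodeSegment(PAGE_TOKEN_PAYLOAD)));
```

For the posted token this reports `consumerIs: 'app'`, a `sub` equal to the configured `subject`, and a lifetime of 7200000 seconds.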