apisix icon indicating copy to clipboard operation
apisix copied to clipboard

Published 20 hours ago verified publisher icon apache

bug: 使用openid-connect插件-public-key一直报错

Open hnlzwaq opened this issue 2 years ago • 5 comments

Current Behavior

对public-key进行了各种设置,都无法离线验证jwt token 第一种直接设置公钥,不行 第二种在公钥前后增加 -----BEGIN PUBLIC KEY----- ,还是不行 第三种对公钥做base64转换还是不行

Expected Behavior

我期望设置一个公钥字符串就可以验证通过,可是怎么样都不行

希望作者对public_key有明确的定义说明

Error Logs

No response

Steps to Reproduce

最后的解决办法是, 增加了一个 "public_key_from_odic": true, 替换了"public_key"参数, 同时修改了 脚本 openid-connect.lua 中的第182行 if conf.public_key_from_odic then , 目前公钥从openId-connect中心获取,完美解决问题

Environment

  • APISIX version (run apisix version):
  • Operating system (run uname -a):
  • OpenResty / Nginx version (run openresty -V or nginx -V):
  • etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
  • APISIX Dashboard version, if relevant:
  • Plugin runner version, for issues related to plugin runners:
  • LuaRocks version, for installation issues (run luarocks --version):

hnlzwaq avatar Jul 19 '22 06:07 hnlzwaq

对public-key进行了各种设置,都无法离线验证jwt token 第一种直接设置公钥,不行 第二种在公钥前后增加 -----BEGIN PUBLIC KEY----- ,还是不行 第三种对公钥做base64转换还是不行

see: https://github.com/apache/apisix/blob/ccd70dff214f68a223d07e3a80148dbe92e9fa51/t/plugin/openid-connect.t#L462-L507

tzssangglass avatar Jul 19 '22 09:07 tzssangglass

遇到了同样的问题

ipanocloud avatar Aug 29 '22 12:08 ipanocloud

对public-key进行了各种设置,都无法离线验证jwt token 第一种直接设置公钥,不行 第二种在公钥前后增加 -----BEGIN PUBLIC KEY----- ,还是不行 第三种对公钥做base64转换还是不行

see:

https://github.com/apache/apisix/blob/ccd70dff214f68a223d07e3a80148dbe92e9fa51/t/plugin/openid-connect.t#L462-L507

"public_key": "-----BEGIN PUBLIC KEY-----\n]] .. [[MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANW16kX5SMrMa2t7F2R1w6Bk/qpjS4QQ\n]] .. [[hnrbED3Dpsl9JXAx90MYsIWp51hBxJSE/EPVK8WF/sjHK1xQbEuDfEECAwEAAQ==\n]] .. [[-----END PUBLIC KEY-----", 这里[[\n]] 能代表什么意思呢

ipanocloud avatar Aug 29 '22 12:08 ipanocloud

"public_key": "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9jEbKgIL0Pu9suixeV+y+vxUOb9TOTd/sUckg+xCqfsRubGjFlyLn/pRXa5fn7+uD+m/S3SMoSlJSBKKMcEMGGFUIHmjuD9CI3yO918RpM6o/+g658P0p//t5BtinyPBgjAzxJQ6orUOTMsLlksQh9eMEHcw1FmG10n8uoihtcP8kgjCs2IL//CSC8NaDVvDlC3b11eafCyvxvv92GAXH1g9XoK8jGD8VvhvQhUso19bFyvxuBIeFqTLKfULIC8xxMPgoAAklXjYZVnPtGCsIVHRlmwuljCTvrJphDqbtPRuVuFbUhp0aKDfsTKZeFErJ0oUCzdjo8tA5kb+6cpDwIDAQAB-----END PUBLIC KEY-----", 这种格式无法识别嘛 ?

ipanocloud avatar Aug 29 '22 12:08 ipanocloud

这里[[\n]] 能代表什么意思呢

line break

tzssangglass avatar Aug 29 '22 12:08 tzssangglass

Given a public key, how to get the format presented in test cases? I tried several ways to break a public key into the format presented in test cases, but failed @tzssangglass

datavisorzhizhu avatar Feb 13 '23 03:02 datavisorzhizhu

does this issue still remain?

kayx23 avatar Dec 21 '23 22:12 kayx23