[policy] [jwt] Couldn't find clear doc to use JWT predefined policy

Open NicolasGeraud opened this issue 6 years ago • 12 comments

see gravitee-io/issues#462

NicolasGeraud, Jul 13 '18 08:07

Hi Team,

I tried to implement JWT policies to access the Gravitee server but it always returns 401. I could not find anything in the log file.

I call the following:

GET http://localhost:8082/urs HTTP/1.1
User-Agent: Fiddler
Host: localhost:8082
X-Gravitee-Api-Key: af8472b6-af00-49fd-9898-b99fe3b93bdb
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM5NGE3MTk4OGNhYTZjYzMwNjAxZTQzZjViNjU2OWQ1MmNkN2Y2ZGYiLCJqdGkiOiIzOTRhNzE5ODhjYWE2Y2MzMDYwMWU0M2Y1YjY1NjlkNTJjZDdmNmRmIiwiaXNzIjoibXkuYXV0aG9yaXphenRpb24uc2VydmVyIiwiYXVkIjoidGVzdDEyMyIsInN1YiI6Iml5YW5pdHJhIiwiZXhwIjoxNDgzNzExNjUwLCJpYXQiOjE0ODM3MDgwNTAsInRva2VuX3R5cGUiOiJiZWFyZXIiLCJzY29wZSI6Im9uZXNjb3BlIHR3b3Njb3BlIn0.B3cGvpCjHxMqp_vg-PAEEbJu-pVJOuVS7pn2nl5JhXN0rGrt0mBHMdjidISt5fzmG-rsa0jgmbaFPrNeG9yR09hz1_gNKPYhPU6besyAmXdIRU3mJVIK1MCbxwSmLULrxRjjDxgvpE4QeXA30D70RyOI7uJUNGNSAlyOg5Ajx_gNQFw8RUhdRzlFQqfjEikm1DQjM6EnVnGTda0qwaPtBz7BE5Is_vPSDh4om5JhQaWEjHF9E5fp648bc4lKOhrAySiNOoI5LrB2g1c_Hia2iQiNRfdMe_40OHWCMtouNFqcQflOfH8B3k8RN0x-Zsu0tpnPvdf4RBg4tH3oPnfAbQ
Content-type: application/json
Content-Length: 0

And I set up my API server using the JWT policy: [image]

This is the value in the Resolver parameter: ssh-rsa MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluyrsHnpzB6+gi76OW9YFIKwkbKBIGujl01iBWAkxDCMCQhemVzCBmjlp8lpszL/Pg/r38eLEae+qMQljQJjd0GICKo2mIO/7/jsLs0vtsU3jbPB1OKjBNiYI+ndSnYAHkVQxcNqzwdHGtCugWAMFQWTg+ksEZRe0GBpXgbTKqw0Bukhe59NkFQSQw4c+KQy71edZ3qpSsp5QKTaznEBq9l57t0DFQrC2117jLjWnGNide2Dh3O9MZ9YPBjCA/D1W4PZLelTbpvl1Nts4gVRwVMQx0zzNaiCdNFgKUAluPRs2YZUqF0lvVBV4P+/XLjGCB2fv8Go6O+p7ktNoBGsCwIDAQAB [email protected]

Am I missing something here?

stani0502, Jan 18 '19 11:01

Yes, I think you miss something...

Seems that your JWT is expired....

brasseld, Jan 18 '19 11:01

Is there a way for me to check? I mean, if the JWT fails, for example because of an invalid public key or because the token expired. I tried checking the log file and there is no information about it. Or do I need to enable something to show more information in the log file?

stani0502, Jan 18 '19 12:01

Which version of g.io are you using?

brasseld, Jan 18 '19 13:01

I just tried updating my token using a valid time, and it is still not working.

This is my token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM5NGE3MTk4OGNhYTZjYzMwNjAxZTQzZjViNjU2OWQ1MmNkN2Y2ZGYiLCJqdGkiOiIzOTRhNzE5ODhjYWE2Y2MzMDYwMWU0M2Y1YjY1NjlkNTJjZDdmNmRmIiwiaXNzIjoibXkuYXV0aG9yaXphenRpb24uc2VydmVyIiwiYXVkIjoidGVzdDEyMyIsInN1YiI6InVzZXIxIiwiZXhwIjoxNTc3ODM2ODAwLCJpYXQiOjE1NDc4MTcxMjEsInRva2VuX3R5cGUiOiJiZWFyZXIiLCJzY29wZSI6Im9uZXNjb3BlIHR3b3Njb3BlIn0.eUy10S09QPf2OZhtSGJAD4vVvZwcdXKt2JeEhi-An0FXvuTlDiOFtAw2x7Unm7TJuPPNRh8AvQgLHT-jFALMRHprCjE9A4IYVYAC1002PUKbj5nz773yUwl1whgouErAvSAZISNksdKHyWUYNZWy09RdNhOzaoLGqLLwCSybkYos0qXz2R5705fDbe1zpuq1TljwN7KM8RJaaJ8wsFJkOG3uVEjgpOUpDQOlccci8j_ZUBFeVrWk7W2r1iBcmqWt0vUkAcz0nOxxfwhW5jvjfUKWZaKUlx-VkHtqspBcgsXumjvq_WR8AMYhuc8EyKEhe4RGrXYM7qbIR3iELlUpUQ

I'm using graviteeio-gateway-1.21.2

stani0502, Jan 18 '19 13:01

Ok, I am able to reproduce with your signature and your jwt.

Let me see what's going wrong there.

brasseld, Jan 18 '19 14:01

Ok, you have provided the private key.... but in the signature, you have to put the public key (keep the private key for yourself and do not share it!)

brasseld, Jan 18 '19 14:01

> Ok, you have provided the private key.... but in the signature, you have to put the public key (keep the private key for yourself and do not share it!)

Sorry, I don't get what you mean. I already did that before, and shared my token and my public key here. So what do you want me to do? And I have not really used my private key for anything else, it is just for my testing purposes, so I'm fine to share it also if you need it.

stani0502, Jan 18 '19 14:01

Can you tell how you got this private key?

brasseld, Jan 18 '19 14:01

> Can you tell how you got this private key?

Using this site: http://travistidwell.com/jsencrypt/demo/

stani0502, Jan 18 '19 14:01

Ok please try with the good tools....

For example: https://git-scm.com/book/en/v2/Git-on-the-Server-Generating-Your-SSH-Public-Key

brasseld, Jan 18 '19 14:01

> Ok please try with the good tools....
>
> For example: https://git-scm.com/book/en/v2/Git-on-the-Server-Generating-Your-SSH-Public-Key

I thought you were able to use my public key and my token on your site, meaning the token is not a problem, right? I tried generating the key using the SSH public key method, but I'm not able to generate a token using https://jwt.io. I chose the RS256 algorithm.

I also tried this tool: http://kjur.github.io/jsjws/tool_jwt.html

But I still get a 401 error.

stani0502, Jan 18 '19 16:01
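
A diagnostic sketch for the two causes raised in this thread, an expired token and a resolver key in the wrong encoding. It is an added example, not code from Gravitee or from any participant. It reads `exp` without verifying the signature and checks whether the text after `ssh-rsa` is an OpenSSH blob or base64 DER. The function names and sample values are constructed, except `SAMPLE_DER`, which reuses the first 32 characters of the key posted above. That the policy expects OpenSSH format is an assumption drawn from the ssh-keygen link.

```python
import base64
import json
import struct
import time

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_jwt(token, now=None):
    """Decode header and claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    exp = claims.get("exp")
    return {"alg": header.get("alg"), "exp": exp,
            "expired": exp is not None and now >= exp}

def classify_public_key(value):
    """Tell an OpenSSH public-key blob from base64 DER pasted after 'ssh-rsa'."""
    fields = value.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        return "no-ssh-rsa-prefix"
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return "invalid-base64"
    # OpenSSH wire format: uint32 length 7, then the bytes "ssh-rsa".
    if blob[:11] == struct.pack(">I", 7) + b"ssh-rsa":
        return "openssh-rsa"
    # ASN.1 DER (X.509 SubjectPublicKeyInfo, PKCS#1, PKCS#8) opens with SEQUENCE (0x30).
    if blob[:1] == b"\x30":
        return "der-not-openssh"
    return "unknown"

def _segment(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed token: the exp value is the one carried by the first token in the thread.
SAMPLE_TOKEN = ".".join([_segment({"alg": "RS256", "typ": "JWT"}),
                         _segment({"sub": "user1", "exp": 1483711650}), "c2ln"])
# Constructed OpenSSH-style blob, and the first 32 characters of the key posted in the thread.
SAMPLE_OPENSSH = "ssh-rsa " + base64.b64encode(
    struct.pack(">I", 7) + b"ssh-rsa" + b"\x00" * 8).decode() + " test@example"
SAMPLE_DER = "ssh-rsa MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A test@example"
```

An OpenSSH `ssh-rsa` public key always begins with `AAAAB3NzaC1yc2E` once base64-encoded, so a value starting with `MII` after the `ssh-rsa` prefix is a DER structure in a different container.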