product-microgateway
correct base64 url encoding for backend jwt
Description:
The backend jwt created by enforcer includes "=" in its base64 url encoding. As per https://datatracker.ietf.org/doc/html/rfc7515#section-2 trailing '=' characters must be omitted.
Base64url Encoding
Base64 encoding using the URL- and filename-safe character set
defined in Section 5 of RFC 4648 [RFC4648], with all trailing '='
characters omitted (as permitted by Section 3.2) and without the
inclusion of any line breaks, whitespace, or other additional
characters. Note that the base64url encoding of the empty octet
sequence is the empty string.
A warning related to this also appears when trying to decode the backend jwt via a web jwt decoder.
Steps to reproduce:
- Add the following to config.toml
[enforcer]
[enforcer.jwtGenerator]
enabled = true
encoding = "base64url"
- Start choreo connect with apim
- Create, deploy and publish an API
- Invoke the API from devportal
- Get the jwt token received at the backend and check the encoding
We can use the following to fix this:
// URL-safe alphabet ('-' and '_'), trailing '=' padding omitted
Base64.getUrlEncoder().withoutPadding().encodeToString(someByteArray);
@Amila-Rukshan is working on this.
This will be fixed from https://github.com/wso2/carbon-apimgt/pull/11153. It will be available in wso2/carbon-apimgt next GA.
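A check for the last reproduction step in the issue above ("check the encoding"), as an added example that is not part of the issue or of the WSO2 code base. The class and method names are hypothetical and the token segments are constructed sample values; it runs the same check over tokens built with three `java.util.Base64` encoders to show which ones satisfy RFC 7515 section 2.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Pattern;

public class Base64UrlCheck {
    // RFC 7515 section 2: URL-safe alphabet only, trailing '=' omitted.
    private static final Pattern B64URL = Pattern.compile("[A-Za-z0-9_-]*");
    private static final String[] NAMES = {"header", "payload", "signature"};

    /** Returns null when all three segments are valid base64url, else the first problem found. */
    static String findEncodingProblem(String compactJws) {
        String[] parts = compactJws.split("\\.", -1);
        if (parts.length != 3) {
            return "expected 3 dot-separated segments, got " + parts.length;
        }
        for (int i = 0; i < 3; i++) {
            if (parts[i].contains("=")) {
                return NAMES[i] + " segment contains '=' padding";
            }
            if (!B64URL.matcher(parts[i]).matches()) {
                return NAMES[i] + " segment uses characters outside the URL-safe alphabet";
            }
        }
        return null;
    }

    /** Encodes each segment with the given encoder and joins them with '.'. */
    static String compact(Base64.Encoder enc, byte[]... segments) {
        String[] out = new String[segments.length];
        for (int i = 0; i < out.length; i++) out[i] = enc.encodeToString(segments[i]);
        return String.join(".", out);
    }

    public static void main(String[] args) {
        // Constructed sample values, not a real gateway token or signature.
        byte[] header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8);
        byte[] payload = "{\"sub\":\"constructed-user\"}".getBytes(StandardCharsets.UTF_8);
        byte[] sig = {(byte) 0xfb, (byte) 0xff, (byte) 0x3e, 0x01};
        Base64.Encoder[] encoders = {
            Base64.getUrlEncoder(),                   // URL-safe alphabet, keeps '='
            Base64.getEncoder().withoutPadding(),     // no '=', but standard '+' and '/'
            Base64.getUrlEncoder().withoutPadding()}; // base64url as RFC 7515 defines it
        for (Base64.Encoder enc : encoders) {
            String jws = compact(enc, header, payload, sig);
            System.out.println(jws + " -> " + findEncodingProblem(jws));
        }
    }
}
```

Only the third encoder produces a token for which `findEncodingProblem` returns null; `Base64.getUrlDecoder()` accepts that unpadded form when decoding.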