[JWT plugin] RS256 JWT not working #1458
Comments
Can you check whether the new 0.9rc version still has the same behaviour? The jwt plugin got a few fixes.

@lg1712 Care to comment what was wrong?

must have been unsaved :/ --data-urlencode "rsa_public_key=[[

thx!

Retrying the above (with same public key) doesn't work in Kong 0.11. I have raised an issue #2939
### Summary
Hello,
It seems the Kong JWT plugin doesn't support external RS256 JWT tokens.
### Steps To Reproduce

`curl --data "grant_type=password&client_id=curl&username=laurent&password=password" http://localhost:8080/auth/realms/realm1/protocol/openid-connect/token`

A JWT-formatted access_token is issued correctly.

Jwt plugin declaration: `curl -X POST http://localhost:8001/apis/NodeAPI/plugins --data "name=jwt"`

Consumer creation: `curl -X POST http://localhost:8001/consumers --data "username=laurent"`

jwt Credentials: `curl -X POST http://localhost:8001/consumers/laurent/jwt --data "key=http://localhost:8080/auth/realms/realm1" --data "algorithm=RS256" --data "rsa_public_key=`

`curl http://localhost:8000/greeting?jwt=X.Y.Z`

With X.Y.Z my previously generated JWT.
```
[error] 109#0: *20714 lua entry thread aborted: runtime error: /usr/local/share/lua/5.1/kong/plugins/jwt/handler.lua:103: bad argument #4 to 'verify_signature' (crypto.pkey expected, got nil)
```
While going to /usr/local/share/lua/5.1/kong/plugins/jwt/handler.lua:103 it says:
```lua
-- Now verify the JWT signature
if not jwt:verify_signature(jwt_secret_value) then
  return responses.send_HTTP_FORBIDDEN("Invalid signature")
end
```
And the jwt_secret_value in handler.lua says:
```lua
local jwt_secret_value = algorithm == "HS256" and jwt_secret.secret or jwt_secret.rsa_public_key
if conf.secret_is_base64 then
  jwt_secret_value = jwt:b64_decode(jwt_secret_value)
end
```
That means that jwt_secret_rsa_public_key isn't assigned to jwt_secret_value

### Additional Details & Logs
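The credential request in the report passes the PEM with `--data`, while the follow-up comment says the key "must have been unsaved" and points to `--data-urlencode`. The following is an added example, not code from the issue or from Kong: it models only the standard form-decoding step to show how a base64 PEM body changes when it is posted without URL encoding. The sample key bytes and the function names are constructed for illustration, and how Kong treats the altered value is not shown on this page.

```python
import base64
from urllib.parse import parse_qs, quote

FIELD = "rsa_public_key"  # field name used in the credential request above


def make_sample_pem() -> str:
    """Constructed stand-in for a PEM public key (not a real key)."""
    # bytes(range(256)) yields base64 text containing '+', '/' and '=' padding.
    body = base64.encodebytes(bytes(range(256))).decode("ascii")
    return "-----BEGIN PUBLIC KEY-----\n" + body + "-----END PUBLIC KEY-----\n"


def body_with_data(pem: str) -> str:
    """curl --data sends an inline value exactly as given, with no encoding."""
    return FIELD + "=" + pem


def body_with_data_urlencode(pem: str) -> str:
    """curl --data-urlencode percent-encodes the value after the '='."""
    return FIELD + "=" + quote(pem, safe="")


def server_side_value(raw_body: str) -> str:
    """Decode an application/x-www-form-urlencoded body the standard way."""
    return parse_qs(raw_body, keep_blank_values=True).get(FIELD, [""])[0]


if __name__ == "__main__":
    pem = make_sample_pem()
    raw = server_side_value(body_with_data(pem))
    enc = server_side_value(body_with_data_urlencode(pem))
    # In form encoding a literal '+' means a space, so the unencoded
    # base64 body no longer matches the key that was sent.
    print("--data           intact:", raw == pem)
    print("--data-urlencode intact:", enc == pem)
    print("'+' characters lost     :", pem.count("+") - raw.count("+"))
```

Reading the stored credential back and comparing it with the original PEM confirms whether the key was saved unchanged before any token is tested against it.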