bug: error configuring public_key in `openid-connect` plugin

hnlzwaq commented 2 years ago

Current Behavior

对public-key进行了各种设置，都无法离线验证jwt token 第一种直接设置公钥，不行第二种在公钥前后增加 -----BEGIN PUBLIC KEY----- ，还是不行第三种对公钥做base64转换还是不行

Expected Behavior

我期望设置一个公钥字符串就可以验证通过，可是怎么样都不行

希望作者对public_key有明确的定义说明

Error Logs

No response

Steps to Reproduce

最后的解决办法是，增加了一个 "public_key_from_odic": true, 替换了"public_key"参数，同时修改了脚本 openid-connect.lua 中的第182行 if conf.public_key_from_odic then ，目前公钥从openId-connect中心获取，完美解决问题

Environment

APISIX version (run apisix version):
Operating system (run uname -a):
OpenResty / Nginx version (run openresty -V or nginx -V):
etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
APISIX Dashboard version, if relevant:
Plugin runner version, for issues related to plugin runners:
LuaRocks version, for installation issues (run luarocks --version):

tzssangglass commented 2 years ago

对public-key进行了各种设置，都无法离线验证jwt token 第一种直接设置公钥，不行第二种在公钥前后增加 -----BEGIN PUBLIC KEY----- ，还是不行第三种对公钥做base64转换还是不行

see: https://github.com/apache/apisix/blob/ccd70dff214f68a223d07e3a80148dbe92e9fa51/t/plugin/openid-connect.t#L462-L507

ipanocloud commented 2 years ago

遇到了同样的问题

ipanocloud commented 2 years ago

对public-key进行了各种设置，都无法离线验证jwt token 第一种直接设置公钥，不行第二种在公钥前后增加 -----BEGIN PUBLIC KEY----- ，还是不行第三种对公钥做base64转换还是不行

see:

https://github.com/apache/apisix/blob/ccd70dff214f68a223d07e3a80148dbe92e9fa51/t/plugin/openid-connect.t#L462-L507

"public_key": "-----BEGIN PUBLIC KEY-----\n]] .. [[MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANW16kX5SMrMa2t7F2R1w6Bk/qpjS4QQ\n]] .. [[hnrbED3Dpsl9JXAx90MYsIWp51hBxJSE/EPVK8WF/sjHK1xQbEuDfEECAwEAAQ==\n]] .. [[-----END PUBLIC KEY-----", 这里[[\n]] 能代表什么意思呢

ipanocloud commented 2 years ago

"public_key": "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9jEbKgIL0Pu9suixeV+y+vxUOb9TOTd/sUckg+xCqfsRubGjFlyLn/pRXa5fn7+uD+m/S3SMoSlJSBKKMcEMGGFUIHmjuD9CI3yO918RpM6o/+g658P0p//t5BtinyPBgjAzxJQ6orUOTMsLlksQh9eMEHcw1FmG10n8uoihtcP8kgjCs2IL//CSC8NaDVvDlC3b11eafCyvxvv92GAXH1g9XoK8jGD8VvhvQhUso19bFyvxuBIeFqTLKfULIC8xxMPgoAAklXjYZVnPtGCsIVHRlmwuljCTvrJphDqbtPRuVuFbUhp0aKDfsTKZeFErJ0oUCzdjo8tA5kb+6cpDwIDAQAB-----END PUBLIC KEY-----", 这种格式无法识别嘛？

tzssangglass commented 2 years ago

这里[[\n]] 能代表什么意思呢

line break

datavisorzhizhu commented 1 year ago

Given a public key, how to get the format presented in test cases? I tried several ways to break a public key into the format presented in test cases, but failed @tzssangglass

kayx23 commented 9 months ago

does this issue still remain?

apache / apisix