Closed tntthanh closed 1 year ago
There are two possible tokens you could be talking about.
If you are talking about the admin API token, please see the following:
(The guidance basically says if you don't want the admin token to rotate, you need to configure Kong with your own key.)
If you are talking about a user JWT, see the secrets-config man page here:
https://docs.edgexfoundry.org/2.3/security/secrets-config-proxy/
(This guidance says that if you want an expiration time of other than one hour, pass an --exp flag specifying something different.)
Hi @bnevis-i, I am talking about admin API token. I wonder if there is any environment variable in the docker-compose file that I can fill in to block the backend to renew the admin API token.
@tntthanh, no there is not. The most straightforward thing to do is create a shadow admin using the Kong API. The alternative is to fork the EdgeX and customize it how you need.
A feature request to add support for this wouldn't be accepted because in EdgeX 3.0 we are going to replace the Kong API gateway with a much simpler NGINX gateway so that constrained devices (with low amounts of memory and/or disk) are better supported.
Hi @bnevis-i, how can I create a shadow admin
Please refer to the following: https://docs.konghq.com/hub/kong-inc/jwt/
You should be able to introspect the default configuration and provision a JWT of your own with the proper route mappings to set up a secondary admin account. Note that the unauthenticated Kong admin port on 8001 is available on localhost inside of the Kong container, but not exposed externally. It should be possible, by exec'ing into the Kong container, to set up the shadow admin even if the initial admin JWT has expired.
Note that you can use any authentication plugin that is available in the free version of Kong. You aren't forced to use the JWT provider if you don't want to.
Closing as "answered"
Hi everyone, I want the kong json web token not re-new for any circumstances. Please help provide me the environment variables in the docker compose file (secty version, V2.4) for this? Thank you very much.