Open citkane opened 4 years ago
I resolved the first of my issues:
auth.jwt.pubkey = etc/certs/jwt_public_key.pem needs to locate to an absolute OS dir, it is not an alias or relative path.
For Ubuntu 18.04 install from repo: auth.jwt.pubkey = /etc/emqx/certs/jwt_public_key.pem
I am still struggling with the next one:
What does jwt_public_key.pem do?
I am able to drop in any public cert at that filename, and:
I am guessing that the trick is to create an RSA private/public keypair from the HMAC Hash Secret which supports HS256 validation - but how do I do that???? The googling is now becoming EPIC...
Ok, solved..... Please excuse my temporary stupidity.
This is an either/or situation, so use either [HMAC HS256] OR [RSA / ECDSA]
So, using jose in node.js as an example:
```js
const {
  JWK: { generateSync, asKey },
  JWT
} = require('jose');

// for HMAC
const secretKey = asKey('emqxsecret', {
  alg: 'HS256'
});

// OR for RSA
const privateKey = generateSync('RSA', 2048, {
  alg: 'RS256'
});
const publicKey = privateKey.toPEM();
console.log(publicKey); // this is /etc/emqx/certs/jwt_public_key.pem

// SIGN
const testToken = JWT.sign({
  test: 'test'
}, (privateKey || secretKey), {
  expiresIn: '1 day'
});
console.log(testToken); // the JWT token to be passed to EMQx
```
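The verifying side of the either/or choice above, as an added example that is not part of the original post and is not EMQX's own code: a verifier built on Node's built-in `crypto` is configured for exactly one mode, so an RS256 token only validates against the public key matching the signer's private key, and a token signed the other way is rejected. The names `sign`, `verify`, `cfg` and the generated keys are assumptions made for the illustration.

```javascript
// Added example: verifier side of the HS256-or-RS256 choice, Node.js built-in crypto only.
const crypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Build a compact JWT signed with an HMAC secret (HS256) or an RSA private key (RS256).
function sign(payload, alg, key) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(input).digest()
    : crypto.sign('sha256', Buffer.from(input), key);
  return `${input}.${b64u(sig)}`;
}

// cfg is ONE mode: { alg: 'HS256', secret } or { alg: 'RS256', pubkeyPem } (hypothetical shape).
function verify(token, cfg) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    payload = JSON.parse(Buffer.from(p, 'base64url').toString());
    if (!header || !payload) throw new Error('not a JSON object');
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  // The algorithm is fixed by configuration; the token header only has to agree with it.
  if (header.alg !== cfg.alg) return { ok: false, reason: 'alg mismatch' };
  const input = Buffer.from(`${h}.${p}`);
  const sig = Buffer.from(s, 'base64url');
  let valid = false;
  if (cfg.alg === 'HS256') {
    const expected = crypto.createHmac('sha256', cfg.secret).update(input).digest();
    valid = sig.length === expected.length && crypto.timingSafeEqual(sig, expected);
  } else if (cfg.alg === 'RS256') {
    valid = crypto.verify('sha256', input, cfg.pubkeyPem, sig);
  }
  if (!valid) return { ok: false, reason: 'bad signature' };
  const now = Math.floor(Date.now() / 1000);
  if (typeof payload.exp === 'number' && payload.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, payload };
}

// Constructed sample keys: pubkeyPem plays the role of jwt_public_key.pem.
const newRsa = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const signer = newRsa();
const pubkeyPem = signer.publicKey.export({ type: 'spki', format: 'pem' });
const unrelatedPem = newRsa().publicKey.export({ type: 'spki', format: 'pem' });
const hsToken = sign({ test: 'test' }, 'HS256', 'emqxsecret');
const rsToken = sign({ test: 'test' }, 'RS256', signer.privateKey);
```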
Sorry @citkane We are very busy these days.
The last logic is right, don't worry about that.
EMQX v4.0.6 Ubuntu 18.04 - installed from repo
I am new to EMQX, and trying to set up jwt-auth from vanilla in a dev environment. I am following the docs.
emqx_auth_jwt.conf is:
etc/certs/jwt_public_key.pem does not exist from clean install (Ubuntu 18.04), and I cannot find instructions for creating it from "emqxsecret".
I have tried:
auth.jwt.pubkey = etc/certs/jwt_public_key.pem
But in all circumstances, when trying to start the emqx_auth_jwt plugin from dashboard, I am getting the following error:
I believe that this is not an error, but me missing some basic key/cert concept here, but I cannot find documentation to help get me up and running.
Thanks in advance...