search

emqx / emqx-auth-jwt

EMQX JWT Authentication Plugin
https://www.emqx.com
Apache License 2.0
29 stars 24 forks source link

RS256 not working #98

Open marufbd opened 4 years ago

marufbd commented 4 years ago

I am currently using emqx broker on kubernetes with anonymous auth internally.

Now wanted to expose it through websocket and was trying to use this plugin for auth.

However it turns out only HS256 alg type works with a secret.

I am using the latest emqx/emqx docker image v3.2.3, see startup logs:

node.max_ports=1048576
listener.tcp.external.acceptors=64
auth.jwt.secret=secret
listener.ssl.external.acceptors=32
node.process_limit=2097152
node.max_ets_tables=2097152
auth.jwt.verify_claims=off
listener.ws.external.acceptors=16
auth.jwt.pubkey=/etc/certs/issuer_cert.pem
auth.jwt.from=password
node.name=message-broker-hub-7466f4db7d-fvb6l@192.168.26.150
EMQX_LOADED_PLUGINS=emqx_management | emqx_dashboard | emqx_retainer | emqx_recon | emqx_auth_jwt
emqx v3.2.3 is started successfully!

I've configured both secret and public key. secret: secret (i know this is not secure)

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiYm9iIiwiYWdlIjoyOX0.pbkBN3mEWDb2a6mLkoLXRirneliafU8ww_OhmuC1kI4

Both above token is HS256. Now this RS256 token gives weird error:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.FThNm4IGfWKNfZxrVjrzqUz3p7l5lm3b-HpbhqZhukNylQWx643ulhGznn4JdZqL8eYwp9Vevk2IB5Jm_VoUWODK9mKOnlzd9wVHwuJ1I8YcQuDBqe1ySOhZwqWSQWhnLEtpk6MrDCV8qQDqmDFFvN0nvzdqoyQlJzrud32RdykvjrkJGgiNhTCCPSJUHnDv2GP2E7930IHPEU2HvQvhqYgXeO6e_xhC0KlAMUSlG5yaaVxOTMXlEgjKy9l_U0Mrg3W0Q5DcYLIrIkRjnxI_SE2OKAdKxre0Zj-HbU9aJqvSAIOgjDDfJ-ddV7VgF_llZlvOze87HfvTRB5VwIGHkA

Error in log: 2019-09-16 05:22:47.512 [warning] test_client@192.168.13.126:57430 [Protocol] Client test_client (Username: 'test_user') login failed for badarg

muhun commented 4 years ago

I used RS512 , when i tried to verify with pub key I get

login failed for {badmatch,[]}

HJianBo commented 4 years ago

@muhun Which emqx version used?

I have fixed the RS256/RS512 compatibility with others platform on v4.0.7 https://github.com/emqx/emqx-auth-jwt/pull/115

Maybe you can try it for setting: 

auth.jwt.signature_format = raw