gentics / mesh-incubator

Project which is home for planned enhancements for Gentics Mesh

Enhance API Key Handling #56

Open Jotschi opened 6 years ago

Jotschi commented 6 years ago

It should be possible to issue multiple API keys per user. API keys should be stored in an LRU map to avoid graph access for token verification. The plugin system should also issue admin tokens for each plugin and invalidate the token during the deregister action.

bbelghith commented 3 years ago

Dear Jotschi, I tried to use Gentics Mesh 1.7.1 together with our Keycloak instance and had trouble. I switched the algorithm used by Gentics Mesh to RS256, but now no token can be issued for the admin: a JWT token requires a JTI in its claim and your code is not creating or providing it.

```java
public String adminToken() {
    return db.tx(tx -> {
        HibUser admin = tx.data().userDao().findByUsername("admin");
        // TODO: Use dedicated tokenCode - See https://github.com/gentics/mesh/issues/412
        return authProvider.get().generateAPIToken(admin, null, null);
    });
}
```

The tokenCode is always null, so the JTI is null. This is bad because the token is then refused and the message "Algorithm not supported" is issued. I thought Gentics Mesh supported RS256?
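An added example, not code from Gentics Mesh or from either commenter: one way the enhancement requested in the first comment could be shaped, with several keys per user, an LRU map in front of the store for verification, and revocation on plugin deregistration. The class `ApiKeyRegistry`, its methods and the in-memory `store` (standing in for the graph database) are hypothetical, and using the per-key code as the token's `jti` is an assumption based on the second comment.

```java
import java.security.SecureRandom;
import java.util.*;

/** Added sketch, not Gentics Mesh code: several API keys per user, LRU-cached verification. */
public class ApiKeyRegistry {
    private static final SecureRandom RNG = new SecureRandom();
    // Hypothetical stand-in for the graph database: token code (jti) -> user UUID.
    private final Map<String, String> store = new HashMap<>();
    private final Map<String, String> lru;

    public ApiKeyRegistry(int maxEntries) {
        // accessOrder=true makes LinkedHashMap drop the least recently used entry.
        lru = new LinkedHashMap<String, String>(16, 0.75f, true) {
            @Override protected boolean removeEldestEntry(Map.Entry<String, String> eldest) {
                return size() > maxEntries;
            }
        };
    }

    /** Issues one more key for the user; every key gets its own random, non-null code. */
    public synchronized String issue(String userUuid) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(code, userUuid);
        return code; // assumption: the caller places this value in the token's jti claim
    }

    /** Checks a jti for a user; a cache miss falls back to the store, it is not a rejection. */
    public synchronized boolean verify(String userUuid, String jti) {
        if (userUuid == null || jti == null) return false;
        String owner = lru.get(jti);
        if (owner == null && (owner = store.get(jti)) != null) lru.put(jti, owner);
        return userUuid.equals(owner);
    }

    /** Revocation (e.g. plugin deregistration) purges the cache together with the store. */
    public synchronized void revoke(String code) {
        store.remove(code);
        lru.remove(code);
    }

    public static void main(String[] args) {
        ApiKeyRegistry reg = new ApiKeyRegistry(2); // constructed sample data below
        String a = reg.issue("user-1"), b = reg.issue("user-1"), p = reg.issue("plugin-x");
        System.out.println(reg.verify("user-1", a) && reg.verify("user-1", b) && reg.verify("plugin-x", p));
        reg.revoke(p); // the plugin's key must fail at once, even though it was cached
        System.out.println(reg.verify("plugin-x", p) + " " + reg.verify("user-1", a));
    }
}
```

The methods are synchronized so that a concurrent `verify` cannot re-insert a code into the cache after `revoke` has removed it.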