gravitee-io / gravitee-docs

Gravitee - Documentation
Apache License 2.0

[policy] [jwt] Couldn't find clear doc to use JWT predefined policy #71

Open NicolasGeraud opened 6 years ago

NicolasGeraud commented 6 years ago

see gravitee-io/issues#462

stani0502 commented 5 years ago

Hi Team,

I tried to implement JWT policies for accessing the Gravitee server, but it always returns 401. I could not find anything in the log file.

I call the following:

GET http://localhost:8082/urs HTTP/1.1
User-Agent: Fiddler
Host: localhost:8082
X-Gravitee-Api-Key: af8472b6-af00-49fd-9898-b99fe3b93bdb
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM5NGE3MTk4OGNhYTZjYzMwNjAxZTQzZjViNjU2OWQ1MmNkN2Y2ZGYiLCJqdGkiOiIzOTRhNzE5ODhjYWE2Y2MzMDYwMWU0M2Y1YjY1NjlkNTJjZDdmNmRmIiwiaXNzIjoibXkuYXV0aG9yaXphenRpb24uc2VydmVyIiwiYXVkIjoidGVzdDEyMyIsInN1YiI6Iml5YW5pdHJhIiwiZXhwIjoxNDgzNzExNjUwLCJpYXQiOjE0ODM3MDgwNTAsInRva2VuX3R5cGUiOiJiZWFyZXIiLCJzY29wZSI6Im9uZXNjb3BlIHR3b3Njb3BlIn0.B3cGvpCjHxMqp_vg-PAEEbJu-pVJOuVS7pn2nl5JhXN0rGrt0mBHMdjidISt5fzmG-rsa0jgmbaFPrNeG9yR09hz1_gNKPYhPU6besyAmXdIRU3mJVIK1MCbxwSmLULrxRjjDxgvpE4QeXA30D70RyOI7uJUNGNSAlyOg5Ajx_gNQFw8RUhdRzlFQqfjEikm1DQjM6EnVnGTda0qwaPtBz7BE5Is_vPSDh4om5JhQaWEjHF9E5fp648bc4lKOhrAySiNOoI5LrB2g1c_Hia2iQiNRfdMe_40OHWCMtouNFqcQflOfH8B3k8RN0x-Zsu0tpnPvdf4RBg4tH3oPnfAbQ
Content-type: application/json
Content-Length: 0

And I set up my API server using the JWT policy: [image]

This is the value in the Resolver parameter:

ssh-rsa MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluyrsHnpzB6+gi76OW9YFIKwkbKBIGujl01iBWAkxDCMCQhemVzCBmjlp8lpszL/Pg/r38eLEae+qMQljQJjd0GICKo2mIO/7/jsLs0vtsU3jbPB1OKjBNiYI+ndSnYAHkVQxcNqzwdHGtCugWAMFQWTg+ksEZRe0GBpXgbTKqw0Bukhe59NkFQSQw4c+KQy71edZ3qpSsp5QKTaznEBq9l57t0DFQrC2117jLjWnGNide2Dh3O9MZ9YPBjCA/D1W4PZLelTbpvl1Nts4gVRwVMQx0zzNaiCdNFgKUAluPRs2YZUqF0lvVBV4P+/XLjGCB2fv8Go6O+p7ktNoBGsCwIDAQAB email@domain.com

Am I missing something here?

brasseld commented 5 years ago

Yes, I think you miss something...

Seems that your JWT is expired....

stani0502 commented 5 years ago

Is there a way for me to check? I mean, if the JWT fails, for example because of an invalid public key or because the token expired. I tried checking the log file and there is no information about it. Or do I need to enable something to show more information in the log file?

brasseld commented 5 years ago

Which version of g.io are you using?

stani0502 commented 5 years ago

I just tried updating my token with a valid time, and it is still not working.

This is my token:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM5NGE3MTk4OGNhYTZjYzMwNjAxZTQzZjViNjU2OWQ1MmNkN2Y2ZGYiLCJqdGkiOiIzOTRhNzE5ODhjYWE2Y2MzMDYwMWU0M2Y1YjY1NjlkNTJjZDdmNmRmIiwiaXNzIjoibXkuYXV0aG9yaXphenRpb24uc2VydmVyIiwiYXVkIjoidGVzdDEyMyIsInN1YiI6InVzZXIxIiwiZXhwIjoxNTc3ODM2ODAwLCJpYXQiOjE1NDc4MTcxMjEsInRva2VuX3R5cGUiOiJiZWFyZXIiLCJzY29wZSI6Im9uZXNjb3BlIHR3b3Njb3BlIn0.eUy10S09QPf2OZhtSGJAD4vVvZwcdXKt2JeEhi-An0FXvuTlDiOFtAw2x7Unm7TJuPPNRh8AvQgLHT-jFALMRHprCjE9A4IYVYAC1002PUKbj5nz773yUwl1whgouErAvSAZISNksdKHyWUYNZWy09RdNhOzaoLGqLLwCSybkYos0qXz2R5705fDbe1zpuq1TljwN7KM8RJaaJ8wsFJkOG3uVEjgpOUpDQOlccci8j_ZUBFeVrWk7W2r1iBcmqWt0vUkAcz0nOxxfwhW5jvjfUKWZaKUlx-VkHtqspBcgsXumjvq_WR8AMYhuc8EyKEhe4RGrXYM7qbIR3iELlUpUQ

I'm using graviteeio-gateway-1.21.2

brasseld commented 5 years ago

Ok, I am able to reproduce with your signature and your jwt.

Let me see what's going wrong there.

brasseld commented 5 years ago

Ok, you have provided the private key.... but in the signature, you have to put the public key (keep the private key for yourself and do not share it!)

stani0502 commented 5 years ago

> Ok, you have provided the private key.... but in the signature, you have to put the public key (keep the private key for yourself and do not share it!)

Sorry, I don't get what you mean. I already did that before, and shared my token and my public key here. So what do you want me to do? And I'm not really using my private key for anything else; it is just for my testing purposes, so I'm fine to share it also if you need it.

brasseld commented 5 years ago

Can you tell how you got this private key?

stani0502 commented 5 years ago

> Can you tell how you got this private key?

Using this site: http://travistidwell.com/jsencrypt/demo/

brasseld commented 5 years ago

Ok please try with the good tools....

For example: https://git-scm.com/book/en/v2/Git-on-the-Server-Generating-Your-SSH-Public-Key

stani0502 commented 5 years ago

> Ok please try with the good tools....
>
> For example: https://git-scm.com/book/en/v2/Git-on-the-Server-Generating-Your-SSH-Public-Key

I thought you were able to use my public key and my token on your site, meaning the token is not a problem, right? I tried to generate the key using ssh public key, but I'm not able to generate a token using https://jwt.io. I chose the RS256 algorithm.

I also tried this tool: http://kjur.github.io/jsjws/tool_jwt.html

But I still get a 401 error.
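
The check asked about earlier in the thread (is the token expired, or is the key material in the wrong form), written as an added example; it is not part of the original thread and is not Gravitee code. It decodes a token's claims without verifying the signature and reports how an `ssh-rsa` Resolver value is encoded; the function names and the sample token are constructed for illustration.

```python
import base64, json, struct, time

def _b64(seg, urlsafe=False):
    padded = seg + "=" * (-len(seg) % 4)
    return base64.urlsafe_b64decode(padded) if urlsafe else base64.b64decode(padded)

def inspect_jwt(token, now=None):
    """Decode header and claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments")
    header, claims = (json.loads(_b64(p, urlsafe=True)) for p in parts[:2])
    now = int(time.time()) if now is None else now
    exp = claims.get("exp")
    return {"alg": header.get("alg"), "exp": exp,
            "expired": exp is not None and now >= exp}

def classify_key(value):
    """Report how the base64 blob of an 'ssh-rsa <blob> [comment]' value is encoded."""
    fields = value.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        return "not-an-ssh-rsa-line"
    raw = _b64(fields[1])
    if raw[:11] == struct.pack(">I", 7) + b"ssh-rsa":
        return "openssh-public-key"        # what ssh-keygen writes to id_rsa.pub
    if len(raw) < 2 or raw[0] != 0x30:
        return "unknown"
    # Skip the outer DER SEQUENCE header (long-form lengths use extra bytes).
    body = 2 + (raw[1] & 0x7F if raw[1] & 0x80 else 0)
    if raw[body:body + 1] == b"\x30":
        return "x509-spki-public-key"      # body of a PEM "BEGIN PUBLIC KEY"
    if raw[body:body + 3] == b"\x02\x01\x00":
        return "der-private-key"           # PKCS#1 or PKCS#8, version 0
    return "unknown"

def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token: dummy signature, only the claims are inspected.
SAMPLE_JWT = ".".join([_seg({"alg": "RS256", "typ": "JWT"}),
                       _seg({"sub": "user1", "exp": 1483711650}), "c2ln"])
# First 32 base64 characters of the Resolver value posted in the thread.
THREAD_KEY = "ssh-rsa MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A email@domain.com"
# Constructed OpenSSH-style blob: length-prefixed key type, then dummy bytes.
OPENSSH_KEY = "ssh-rsa " + base64.b64encode(
    struct.pack(">I", 7) + b"ssh-rsa" + bytes(8)).decode()

if __name__ == "__main__":
    print(inspect_jwt(SAMPLE_JWT), classify_key(THREAD_KEY), classify_key(OPENSSH_KEY))
```

A line written by `ssh-keygen` classifies as `openssh-public-key`; a PEM body pasted after the `ssh-rsa` prefix keeps its DER encoding and is reported as such.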