opositatest / varnish-jwt

Varnish JWT token authentication with RS256
MIT License

Stale while revalidate causes "Invalid JWT Token: Signature" #7

Closed akira28 closed 3 years ago

akira28 commented 4 years ago

I'm using your image to cache API responses protected by JWT authentication. It works wonderfully, thanks for it!

I just added stale-while-revalidate and stale-if-error headers to my responses, but now I'm facing an Error 401 Invalid JWT Token: Signature when the shared max age expires.

Do you have any suggestion on how I could solve the issue? Thanks and kind regards

ping86 commented 4 years ago

Hi @akira28

I can't reproduce the issue. I created a test file and all tests passed:

varnishtest "stale if error"

server s1 {
    rxreq
    txresp
} -start

varnish v1 -vcl {

include "/etc/varnish/default.vcl";

} -start

client c1 {
  txreq -url / \
        -hdr "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlIjoiOkJERTEwMDAzNTE6IiwiZXhwIjoyMDM0NDMyMzYyLCJzdWIiOiJodHRwX3Rlc3QifQ.rsJrHXD0LIH-rt1_kicGb6xAJK0-zLAQ-kRJfAYQNivOcIrpqIugjmmoDm2f-tGjcu5n7PrcYm4HHIN3X_mLZw" -hdr "Cache-Control: max-age=600, stale-while-revalidate=30, stale-if-error=86400"
  rxresp
  expect resp.status == 200

  txreq -url / \
        -hdr "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlIjoiOkJERTEwMDAzNTE6IiwiZXhwIjoyMDM0NDMyMzYyLCJzdWIiOiJodHRwX3Rlc3QifQ.rsJrHXD0LIH-rt1_kicGb6xAJK0-zLAQ-kRJfAYQNivOcIrpqIugjmmoDm2f-tGjcu5n7PrcYm4HHIN3X_mLZw" -hdr "Cache-Control: max-age=600, stale-while-revalidate=30, stale-if-error=86400"
  rxresp
  expect resp.status == 200

} -run

sut_1 | # top TEST test/stale_if_error.vtc passed (1.826)

Did you modify the default.vcl file?

Thanks.

akira28 commented 4 years ago

Sorry for the late response. This is the vcl I'm using: https://github.com/TheColvinCo/docker-images/blob/master/varnish/conf/default.vcl

aderumier commented 4 years ago

@akira28

Hi, I'm not sure it's related, but I had a similar problem with request restart.

The problem for me is that

v.update(req.http.tmpHeader + "." + req.http.tmpPayload);

seems to not override the old value, but append. And in case of a restart, the v object is not destroyed.

I have fixed it with a simple

      v.reset(); // need this if request restart
      v.update(req.http.tmpHeader + "." + req.http.tmpPayload);

Not sure you have the same problem, but give it a try

ping86 commented 4 years ago

Thanks @aderumier

There is a problem when the request is restarted.

Issue solved in https://github.com/opositatest/varnish-jwt/pull/11

@akira28 Can you try this code and confirm?

Could you try this code in your app and confirm the solution?

Best regards.
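An added example, not part of the thread or of the varnish-jwt code: a Python model of the behaviour aderumier describes, where a verifier object outlives a request restart and `update()` appends to its state. HMAC-SHA256 stands in for RS256 so the block runs on the standard library alone; the class, the function names, the key and the token parts are all constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stands in for the RS256 key pair


class StreamingVerifier:
    """Hypothetical model of a verifier whose update() appends to its state."""

    def __init__(self):
        self._ctx = hmac.new(KEY, digestmod=hashlib.sha256)

    def update(self, data: bytes) -> None:
        self._ctx.update(data)  # appends to earlier input, never replaces it

    def reset(self) -> None:
        self._ctx = hmac.new(KEY, digestmod=hashlib.sha256)

    def valid(self, signature: bytes) -> bool:
        # Constant-time comparison of the accumulated state against the signature.
        return hmac.compare_digest(self._ctx.digest(), signature)


def sign(signing_input: bytes) -> bytes:
    """Issuer side: sign header + "." + payload in one shot."""
    return hmac.new(KEY, signing_input, hashlib.sha256).digest()


def handle_request(signing_input, signature, passes, reset_first):
    """Run the auth step `passes` times on one shared verifier, as a restart does.

    Returns the verification result of each pass.
    """
    v = StreamingVerifier()  # lives for the whole request, restarts included
    results = []
    for _ in range(passes):
        if reset_first:
            v.reset()  # the fix from the thread: clear state before update()
        v.update(signing_input)
        results.append(v.valid(signature))
    return results


SIGNING_INPUT = b"constructed-header.constructed-payload"  # constructed sample
SIGNATURE = sign(SIGNING_INPUT)

if __name__ == "__main__":
    print("no reset:  ", handle_request(SIGNING_INPUT, SIGNATURE, 2, False))
    print("with reset:", handle_request(SIGNING_INPUT, SIGNATURE, 2, True))
```

Without the reset, the second pass verifies the signature against the signing input concatenated with itself, so a valid token is rejected; the failure is a false 401, not an acceptance of a bad token.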