You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/10/26 16:45:08 UTC

[GitHub] [apisix] tzssangglass opened a new issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use

tzssangglass opened a new issue #2523:
URL: https://github.com/apache/apisix/issues/2523


   ### Issue description
   I didn't find documentation for using the RS256 algorithm in the jwt plugin.After try, I achieved it.
   
   
   step1: set a consumer and config the value of the jwt-auth option,  use the private key here.
   
   ```
   curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   
   {
       "username": "RS256_algorithm",
       "plugins": {
           "jwt-auth": {
               "key": "RS256-key",
               "secret": "-----BEGIN RSA PRIVATE KEY-----\nMIICXwIBAAKBgQC50wrZORquQ1W6xS66Hvx9PA/Yp1kL4GosLCDYCFFeuyHemdZC\neDW+jzTfjdfDAExsZ4Z5/gNegOZC3nEIh/IDoEJHHMwziTz1jxh/7VXuFGvdZcIi\naPpKS6EZ+dVx/NfYMcyY+1gf1ASxJghOD+9Np7IepqKuAqxx1BVnk+rvmwIDAQAB\nAoGBAKqZ3vPfQWeL2kFGlse5ewVfBw1ZVp9YwSEcwmqT+GCIXWgIxHTx+CWjRF+Z\n0eTteTxtL0EAvAcfQEdUAWJbrQumsWR1hcWauDwbCRKH5zHCByT6TcJXZ4V5LjhY\neS8EcEruX+vIOwUt7Kr2mAjMy5nwtzhO6OFEmjFBlTLQwfWBAkEA2sXq/PP4cRDZ\nHQWD/d0fTtiHp54L078EAfzdCRhrDFlzAZCCyjANEsGgLJ/Ojjut7Nj0uLmyRMyW\n03j1s6nkUwJBANlx1CWn2XilMHrm6kyx2S6lptCuF7ff0+IDmynHlMCAx9YXApXh\nUbikerduA8q6gUgRL58kG04/v+0UcbbpXpkCQQCexC1yH3f4TfrSdfNBI90ZskhY\nW3lH1QMKkkCy3hap4qx0wTQ5mT+TkhM071DOpf7luNl4ycLW7Qa0N79QAIZjAkEA\nlvlYofiDnyeanIq9vRhywdeUFin6H9nRpIh6cCy5lFsV5Qi+68+wzPGunrNNALIz\n1xTPqsAIEXFj0bkzJxuraQJBAKKRBmn5pCJ5AckXQdsJz5oRBpSrizrsJrbwVHGx\nAZ0Yyd5HHTNck7R9DwTXJFqELEO1JwMXO/iXuj7H0WolPgs=\n-----END RSA PRIVATE KEY-----\n",
               "algorithm": "RS256"
           }
       }
   }
   ```
   
   step2: add a Route or add a Service , and enable the jwt-auth plugin
   
   step3: get the token in jwt-auth plugin
   
   ```
   curl http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=RS256-key -X GET
   ```
   
   example: `eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJSUzI1Ni1rZXkiLCJleHAiOjE2MDM4MTY0MDV9.Wru7HT7xJLIIHdootPje7Xn9tbvPQAugKR0LFT0ALwRvjqJwPxtkNcCFcM-HOJgO0UVJCTzPe792CIs115fnfTORqMjN2H1g7Cbi2xcJaeDwZoyL1J27kaSJfcB42r4vyK3WQoG3Yk9y7zVVTAey-HpVvu-2m1CMOA2yNw7H810`
   
   setp4: update value of the jwt-auth option on same consumer config, use the public key here.
   
   ```
   curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   
   {
       "username": "RS256_algorithm",
       "plugins": {
           "jwt-auth": {
               "key": "RS256-key",
               "secret": "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC50wrZORquQ1W6xS66Hvx9PA/Y\np1kL4GosLCDYCFFeuyHemdZCeDW+jzTfjdfDAExsZ4Z5/gNegOZC3nEIh/IDoEJH\nHMwziTz1jxh/7VXuFGvdZcIiaPpKS6EZ+dVx/NfYMcyY+1gf1ASxJghOD+9Np7Ie\npqKuAqxx1BVnk+rvmwIDAQAB\n-----END PUBLIC KEY-----\n",
               "algorithm": "RS256"
           }
       }
   }
   ```
   
   setp5: valid jwt success
   
   
   If use the RS256 algorithm, I want to set both the public and private keys at the same time.
   
   #2355
   
   ### Environment
   
   * apisix version (cmd: `apisix version`): master(lastest version)
   * OS:macos
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] membphis commented on issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use

Posted by GitBox <gi...@apache.org>.

membphis commented on issue #2523:
URL: https://github.com/apache/apisix/issues/2523#issuecomment-717984956


   @tzssangglass Do you have any suggestions for this issue?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on issue #2523:
URL: https://github.com/apache/apisix/issues/2523#issuecomment-719110500


   > @tzssangglass Do you have any suggestions for this issue?
   
   Add two redundant fields, such as public_key, private_key, for the RSA algorithm.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] membphis commented on issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use

Posted by GitBox <gi...@apache.org>.

membphis commented on issue #2523:
URL: https://github.com/apache/apisix/issues/2523#issuecomment-720469354


   it seems fine to me. agree with you.
   
   Welcome to submit the final PR. ^_^


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on issue #2523:
URL: https://github.com/apache/apisix/issues/2523#issuecomment-720481100


   OK, I will, and I will also fix #2355  in the final PR.  ^_^


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on issue #2523:
URL: https://github.com/apache/apisix/issues/2523#issuecomment-717200238


   ping @moonming @membphis @spacewander  pls take a look 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander closed issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use

Posted by GitBox <gi...@apache.org>.

spacewander closed issue #2523:
URL: https://github.com/apache/apisix/issues/2523


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org