You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/10/26 16:45:08 UTC
[GitHub] [apisix] tzssangglass opened a new issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use
tzssangglass opened a new issue #2523:
URL: https://github.com/apache/apisix/issues/2523
### Issue description
I didn't find documentation for using the RS256 algorithm in the jwt plugin.After try, I achieved it.
step1: set a consumer and config the value of the jwt-auth option, use the private key here.
```
curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"username": "RS256_algorithm",
"plugins": {
"jwt-auth": {
"key": "RS256-key",
"secret": "-----BEGIN RSA PRIVATE KEY-----\nMIICXwIBAAKBgQC50wrZORquQ1W6xS66Hvx9PA/Yp1kL4GosLCDYCFFeuyHemdZC\neDW+jzTfjdfDAExsZ4Z5/gNegOZC3nEIh/IDoEJHHMwziTz1jxh/7VXuFGvdZcIi\naPpKS6EZ+dVx/NfYMcyY+1gf1ASxJghOD+9Np7IepqKuAqxx1BVnk+rvmwIDAQAB\nAoGBAKqZ3vPfQWeL2kFGlse5ewVfBw1ZVp9YwSEcwmqT+GCIXWgIxHTx+CWjRF+Z\n0eTteTxtL0EAvAcfQEdUAWJbrQumsWR1hcWauDwbCRKH5zHCByT6TcJXZ4V5LjhY\neS8EcEruX+vIOwUt7Kr2mAjMy5nwtzhO6OFEmjFBlTLQwfWBAkEA2sXq/PP4cRDZ\nHQWD/d0fTtiHp54L078EAfzdCRhrDFlzAZCCyjANEsGgLJ/Ojjut7Nj0uLmyRMyW\n03j1s6nkUwJBANlx1CWn2XilMHrm6kyx2S6lptCuF7ff0+IDmynHlMCAx9YXApXh\nUbikerduA8q6gUgRL58kG04/v+0UcbbpXpkCQQCexC1yH3f4TfrSdfNBI90ZskhY\nW3lH1QMKkkCy3hap4qx0wTQ5mT+TkhM071DOpf7luNl4ycLW7Qa0N79QAIZjAkEA\nlvlYofiDnyeanIq9vRhywdeUFin6H9nRpIh6cCy5lFsV5Qi+68+wzPGunrNNALIz\n1xTPqsAIEXFj0bkzJxuraQJBAKKRBmn5pCJ5AckXQdsJz5oRBpSrizrsJrbwVHGx\nAZ0Yyd5HHTNck7R9DwTXJFqELEO1JwMXO/iXuj7H0WolPgs=\n-----END RSA PRIVATE KEY-----\n",
"algorithm": "RS256"
}
}
}
```
step2: add a Route or add a Service , and enable the jwt-auth plugin
step3: get the token in jwt-auth plugin
```
curl http://127.0.0.1:9080/apisix/plugin/jwt/sign?key=RS256-key -X GET
```
example: `eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJSUzI1Ni1rZXkiLCJleHAiOjE2MDM4MTY0MDV9.Wru7HT7xJLIIHdootPje7Xn9tbvPQAugKR0LFT0ALwRvjqJwPxtkNcCFcM-HOJgO0UVJCTzPe792CIs115fnfTORqMjN2H1g7Cbi2xcJaeDwZoyL1J27kaSJfcB42r4vyK3WQoG3Yk9y7zVVTAey-HpVvu-2m1CMOA2yNw7H810`
setp4: update value of the jwt-auth option on same consumer config, use the public key here.
```
curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"username": "RS256_algorithm",
"plugins": {
"jwt-auth": {
"key": "RS256-key",
"secret": "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC50wrZORquQ1W6xS66Hvx9PA/Y\np1kL4GosLCDYCFFeuyHemdZCeDW+jzTfjdfDAExsZ4Z5/gNegOZC3nEIh/IDoEJH\nHMwziTz1jxh/7VXuFGvdZcIiaPpKS6EZ+dVx/NfYMcyY+1gf1ASxJghOD+9Np7Ie\npqKuAqxx1BVnk+rvmwIDAQAB\n-----END PUBLIC KEY-----\n",
"algorithm": "RS256"
}
}
}
```
setp5: valid jwt success
If use the RS256 algorithm, I want to set both the public and private keys at the same time.
#2355
### Environment
* apisix version (cmd: `apisix version`): master(lastest version)
* OS:macos
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #2523:
URL: https://github.com/apache/apisix/issues/2523#issuecomment-717984956
@tzssangglass Do you have any suggestions for this issue?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use
Posted by GitBox <gi...@apache.org>.
tzssangglass commented on issue #2523:
URL: https://github.com/apache/apisix/issues/2523#issuecomment-719110500
> @tzssangglass Do you have any suggestions for this issue?
Add two redundant fields, such as public_key, private_key, for the RSA algorithm.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #2523:
URL: https://github.com/apache/apisix/issues/2523#issuecomment-720469354
it seems fine to me. agree with you.
Welcome to submit the final PR. ^_^
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use
Posted by GitBox <gi...@apache.org>.
tzssangglass commented on issue #2523:
URL: https://github.com/apache/apisix/issues/2523#issuecomment-720481100
OK, I will, and I will also fix #2355 in the final PR. ^_^
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use
Posted by GitBox <gi...@apache.org>.
tzssangglass commented on issue #2523:
URL: https://github.com/apache/apisix/issues/2523#issuecomment-717200238
ping @moonming @membphis @spacewander pls take a look
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander closed issue #2523: request help: jwt-auth plugin RS256 algorithm is not easy to use
Posted by GitBox <gi...@apache.org>.
spacewander closed issue #2523:
URL: https://github.com/apache/apisix/issues/2523
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org