[GitHub] [apisix] mscb402 commented on issue #8613: {"message":"failed to verify jwt"}

Tue, 21 Feb 2023 23:54:44 -0800 


mscb402 commented on issue #8613:
URL: https://github.com/apache/apisix/issues/8613#issuecomment-1439573178

   Here is my step:
   
   Step 1 : 
   Create a consumer, keep in mind `key` is very important, only this key could 
identify which consumer is matched.
   ```
   {
     "username": "consumer_jwt",
     "desc": "jwt_key",
     "plugins": {
       "jwt-auth": {
         "exp": 86400,
         "key": "jwt_key",
         "secret":"my_secret"
       }
     }
   }
   ```
   
   Step 2: Create 2 route
   The first one is the public API route
   ```
   {
     "uri": "/gen",
     "name": "gen",
     "plugins": {
       "public-api": {
         "uri": "/apisix/plugin/jwt/sign"
       }
     },
     "status": 1
   }
   ```
   The second is the normal route, I use the route which you provide before
   ```
   {
     "uri": "/admin/*",
     "name": "xubin_rount_admin",
     "methods": [
       "GET",
       "POST",
       "PUT",
       "DELETE",
       "PATCH",
       "HEAD",
       "OPTIONS",
       "CONNECT",
       "TRACE"
     ],
     "plugins": {
       "jwt-auth": {},
       "proxy-rewrite": {
         "regex_uri": [
           "^/admin(/|$)(.*)",
           "/$2"
         ]
       }
     },
     "upstream": {
       "nodes": [
         {
           "host": "httpbin.org",
           "port": 80,
           "weight": 1
         }
       ],
       "retries": 2,
       "timeout": {
         "connect": 6,
         "send": 6,
         "read": 6
       },
       "type": "roundrobin",
       "scheme": "http",
       "pass_host": "pass",
       "keepalive_pool": {
         "idle_timeout": 60,
         "requests": 1000,
         "size": 320
       },
       "retry_timeout": 3
     },
     "labels": {
       "API_VERSION": "v1.0"
     },
     "status": 1
   }
   ```
   
   Step 3: 
   Generate a new JWT token using public api
   ```
   curl 'http://127.0.0.1:9080/gen?key=jwt_key'
   ```
   Remember `jwt_key` should match the key you are config in the consumer. If 
the wrong key is set, you will get a 404 error.
   
   Step 4: Access route
   ```
   curl 'http://127.0.0.1:32541/admin/get' -H 'Authorization: 
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJqd3QiLCJleHAiOjE2NzcxMzgxMzF9.tbL6NY9xkFdEIJkAvnc0rfPMKaGgzd9Wj_TPb5aK04Q'
  -i
   ```
   
   You will get this return, everything work correctly.
   ```
   HTTP/1.1 200 OK
   Content-Type: application/json
   Content-Length: 455
   Connection: keep-alive
   Date: Wed, 22 Feb 2023 07:53:32 GMT
   Access-Control-Allow-Origin: *
   Access-Control-Allow-Credentials: true
   Server: APISIX/3.1.0
   
   {
     "args": {}, 
     "headers": {
       "Accept": "*/*", 
       "Authorization": 
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJqd3Rfa2V5IiwiZXhwIjoxNjc3MTM4NzkyfQ.IkNmF282LTte31niYaqYy5rlq2bHqQHiFn-yOkceJoc",
 
       "Host": "127.0.0.1", 
       "User-Agent": "curl/7.84.0", 
       "X-Amzn-Trace-Id": "Root=1-63f5c9fc-57288b172fab075e2e5a202d", 
       "X-Forwarded-Host": "127.0.0.1"
     }, 
     "origin": "192.168.65.4, 61.241.66.251", 
     "url": "http://127.0.0.1/get";
   }
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to