kayx23 opened a new issue, #10002:
URL: https://github.com/apache/apisix/issues/10002

   ### Description
   
   Relevant doc: https://apisix.apache.org/docs/apisix/terminology/plugin/#custom-error-response
   
   Testing with the `jwt-auth` plugin. `_meta.error_response` is not effective if configured on the `jwt-auth` plugin on a consumer. It is effective if configured on a route.
   
   This behaviour is unintuitive and unexpected since most of the time users configure the auth plugin details on consumers.
   
   See the following tests.
   
   ## Configure `_meta.error_response` on Consumer
   
   Create a consumer: 
   
   ```bash
   curl "http://127.0.0.1:9180/apisix/admin/consumers" -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
     "username": "tom",
     "plugins": {
        "jwt-auth": {
           "key": "user-key",
           "_meta": {
             "error_response": {
                   "message": "TESTING FOR ERROR RESPONSE"
              }
           }
        }
     }
   }'
   ```
   
   Create a route: 
   
   ```bash
   curl "http://127.0.0.1:9180/apisix/admin/routes" -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
     "id": "jwt-auth-route",
     "uri": "/ip",
     "plugins": {
       "jwt-auth": {}
     },
     "upstream": {
       "type": "roundrobin",
       "nodes": {
         "httpbin.org:80": 1
       }
     }
   }'
   ```
   
   Sending requests without JWT token, we see that the error message is not the one we customized:
   
   ```bash
   curl "http://127.0.0.1:9080/ip"
   
   {"message":"Missing JWT token in request"} 
   ```
   
   ```bash
   curl "http://127.0.0.1:9080/ip?jwt=123456"
   
   {"message":"JWT token invalid"}
   ```
   
   ## Configure `_meta.error_response` on Route
   
   Create a consumer: 
   
   ```bash
   curl "http://127.0.0.1:9180/apisix/admin/consumers" -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
     "username": "tom",
     "plugins": {
        "jwt-auth": {
           "key": "user-key"
        }
     }
   }'
   ```
   
   Create a route: 
   
   ```bash
   curl "http://127.0.0.1:9180/apisix/admin/routes" -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
     "id": "jwt-auth-route",
     "uri": "/ip",
     "plugins": {
       "jwt-auth": {
           "_meta": {
             "error_response": {
                   "message": "TESTING FOR ERROR RESPONSE"
              }
           }
       }
     },
     "upstream": {
       "type": "roundrobin",
       "nodes": {
         "httpbin.org:80": 1
       }
     }
   }'
   ```
   
   Sending requests without JWT token, we see that the error message is not the one we customized:
   
   ```bash
   curl "http://127.0.0.1:9080/ip"
   
   {"message":"TESTING FOR ERROR RESPONSE"}
   ```
   
   ```bash
   curl "http://127.0.0.1:9080/ip?jwt=123456"
   
   {"message":"TESTING FOR ERROR RESPONSE"}
   ```
   
   ### Environment
   
   - APISIX version (run `apisix version`): 3.2.0

