MirtoBusico opened a new issue, #10068:
URL: https://github.com/apache/apisix/issues/10068

   ### Description
   
   Hi all,
   I'm trying to add the authz-keycloak plugin to a route that uses the openid-connect plugin.
   
   When I add this plugin definition
   
   ```
           “authz-keycloak”: {
               "token_endpoint": "https://h2k6k.h.net/realms/hd02/protocol/openid-connect/token",
               "permissions": ["user-resource"],
               "client_id": "hd02client",
               "access_denied_redirect_uri": "https://h2www.h.net/pres/unauthorized"
           },            
   ```
   
   I receive this error message when trying to create the route
   
   ```
   "error_msg": "invalid request body: Expected object key string but found invalid token at character 56",
   ```
   
   I was not able to find what is wrong.
   
   The complete command transcript
   
   ```
   sysop@h2dev:~$ curl http://localhost:8001/api/v1/namespaces/apisix/services/apisix-admin:9180/proxy/apisix/admin/routes/id_h2www_user -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
       "host": "h2www.h.net",
       "plugins": {
           “authz-keycloak”: {
               "token_endpoint": "https://h2k6k.h.net/realms/hd02/protocol/openid-connect/token",
               "permissions": ["user-resource"],
               "client_id": "hd02client",
               "access_denied_redirect_uri": "https://h2www.h.net/pres/unauthorized"
           },            
           "openid-connect": {
           "realm": "hd02",
           "logout_path": "/user/logout",
           "access_token_in_authorization_header": true,
           "redirect_uri": "https://h2www.h.net/user/*",
           "_meta": {
               "disable": false
           },
           "client_secret": "YVdFLJZ6KGtS7y2ZYARMfrcIpjP6Wt5J",
           "scope": "openid profile",
           "client_id": "hd02client",
           "introspection_endpoint_auth_method": "client_secret_post",
           "discovery": "https://h2k6k.h.net/realms/hd02/.well-known/openid-configuration",
           "bearer_only": false
           },
           "redirect": {
               "http_to_https": true
           }
       },
       "desc": "h2www.h.net/user primary route",
       "status": 1,
       "name": "h2www_user",
       "id": "id_h2www_user",
       "uri": "/user*",
       "upstream_id": "id_h2www_user",
       "methods": [
           "GET",
           "POST",
           "PUT",
           "DELETE",
           "PATCH",
           "HEAD",
           "OPTIONS",
           "CONNECT",
           "TRACE",
           "PURGE"
       ]
   }' |jq
     % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                    Dload  Upload   Total   Spent    Left  Speed
   100  3056    0  1667  100  1389   179k   149k --:--:-- --:--:-- --:--:--  331k
   {
     "error_msg": "invalid request body: Expected object key string but found invalid token at character 56",
     "req_body": "\n{\n    \"host\": \"h2www.h.net\",\n    \"plugins\": {\n        “authz-keycloak”: {\n            \"token_endpoint\": \"https://h2k6k.h.net/realms/hd02/protocol/openid-connect/token\",\n            \"permissions\": [\"user-resource\"],\n            \"client_id\": \"hd02client\",\n            \"access_denied_redirect_uri\": \"https://h2www.h.net/pres/unauthorized\"\n        },            \n        \"openid-connect\": {\n        \"realm\": \"hd02\",\n        \"logout_path\": \"/user/logout\",\n        \"access_token_in_authorization_header\": true,\n        \"redirect_uri\": \"https://h2www.h.net/user/*\",\n        \"_meta\": {\n            \"disable\": false\n        },\n        \"client_secret\": \"YVdFLJZ6KGtS7y2ZYARMfrcIpjP6Wt5J\",\n        \"scope\": \"openid profile\",\n        \"client_id\": \"hd02client\",\n        \"introspection_endpoint_auth_method\": \"client_secret_post\",\n        \"discovery\": \"https://h2k6k.h.net/realms/hd02/.well-known/openid-configuration\",\n        \"bearer_only\": false\n        },\n        \"redirect\": {\n            \"http_to_https\": true\n        }\n    },\n    \"desc\": \"h2www.h.net/user primary route\",\n    \"status\": 1,\n    \"name\": \"h2www_user\",\n    \"id\": \"id_h2www_user\",\n    \"uri\": \"/user*\",\n    \"upstream_id\": \"id_h2www_user\",\n    \"methods\": [\n        \"GET\",\n        \"POST\",\n        \"PUT\",\n        \"DELETE\",\n        \"PATCH\",\n        \"HEAD\",\n        \"OPTIONS\",\n        \"CONNECT\",\n        \"TRACE\",\n        \"PURGE\"\n    ]\n}"
   }
   sysop@h2dev:~$ 
   ```
   P.S. I don't know the correct syntax for the plugins.
   In the past I used the Apisix-dashboard to manage the plugins, but now apisix-dashboard has compatibility issues with Apisix 3.X
   
   
   
   ### Environment
   
   - APISIX version (run `apisix version`): 3.2.0 (LTS)
   - Operating system (run `uname -a`):
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


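Added example, not part of the original issue or of APISIX: a local pre-flight check for an Admin API request body that reports the character offset where JSON parsing fails and lists any typographic quote characters in it. `SAMPLE_BODY` is constructed from the first lines of the request shown in the report, and the function names are illustrative.

```python
import json
import unicodedata

# Typographic quotes that editors and web pages substitute for ASCII " and '.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"

# Constructed sample: the opening of the reported request body, plugin config shortened.
SAMPLE_BODY = (
    '\n{\n'
    '    "host": "h2www.h.net",\n'
    '    "plugins": {\n'
    '        \u201cauthz-keycloak\u201d: {\n'
    '            "client_id": "hd02client"\n'
    '        }\n'
    '    }\n'
    '}'
)

def parse_error_offset(body):
    """Return the 1-based character offset where JSON parsing fails, or None."""
    try:
        json.loads(body)
    except json.JSONDecodeError as exc:
        return exc.pos + 1  # exc.pos is 0-based
    return None

def find_smart_quotes(body):
    """Return (1-based offset, Unicode name) for each typographic quote."""
    return [(i, unicodedata.name(ch))
            for i, ch in enumerate(body, start=1) if ch in SMART_QUOTES]

def normalize_quotes(body):
    """Replace typographic quotes with ASCII ones.

    This also rewrites such quotes inside string values, so review the
    result before sending it if a value legitimately contains them.
    """
    return body.translate(str.maketrans(SMART_QUOTES, "\"\"''"))

if __name__ == "__main__":
    print("parse fails at character:", parse_error_offset(SAMPLE_BODY))
    for offset, name in find_smart_quotes(SAMPLE_BODY):
        print(f"  character {offset}: {name}")
    fixed = normalize_quotes(SAMPLE_BODY)
    print("after normalizing:", parse_error_offset(fixed) or "parses cleanly")
```

On the sample body the parse failure falls at character 56, the same offset as in the error message above, and that position holds a U+201C left double quotation mark.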