kingmouse-yx commented on issue #6564:
URL: https://github.com/apache/apisix/issues/6564#issuecomment-1064227632
@soulbird
Hello, I found that this method may lead to the failure of token
verification: `algorithm_handler(consumer)`
```lua
local _, auth_secret = algorithm_handler(consumer)
```
I printed the value of auth-secret. Although it is a string of error code,
it is still very available.
I found that this value in the log can be divided into the following two
types:
- 1
```txt
???????j??gs?,(?L0=?2OG?
?v+??
```
- 2
```txt
%#?A???o?FF???}ާ???? L#
```
Among them, the number of times counted by 1 is just the number of
successful verification, and the number of times counted by 2 is just the
number of failed verification.
I think this may be the reason why the inspection failed.
```log
2022/03/10 15:42:05 [warn] 42#42: *1330147 [lua] jwt-auth.lua:295:
phase_func(): uuid:faeff528-cc07-4b0d-9f7c-170221999fd6 auth_secret:
???????j??gs?,(?L0=?2OG?
?v+??, client: 172.18.0.1, server: _, request: "POST /get04 HTTP/1.1",
host: "127.0.0.1:9080"
2022/03/10 15:42:05 [warn] 43#43: *1330146 [lua] jwt-auth.lua:295:
phase_func(): uuid:36eed0fd-06a4-41b6-8f46-a87d6b024bdb auth_secret:
%#?A???o?FF???}ާ???? L#, client: 172.18.0.1, server: _, request: "POST /get04
HTTP/1.1", host: "127.0.0.1:9080"
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
