[GitHub] [couchdb] roelal opened a new issue #3232: badarg jwt_auth required_claims with param

Thu, 29 Oct 2020 07:45:03 -0700 


roelal opened a new issue #3232:
URL: https://github.com/apache/couchdb/issues/3232


   ## Description
   
   I receive an `unknown_error : badarg` from `erlang:list_to_existing_atom/1` 
when I try to authenticate using a JWT token and `[jwt_auth] required_claims` 
includes a tuple with param, like `exp, iss {"yourissuername"}` (from the 
example).
   
   ## Steps to Reproduce
   
   1. configure couchdb to accept jwt auth
   `[chttpd] authentication_handlers = {chttpd_auth, 
jwt_authentication_handler}`
   2. configure required claims to include a tuple claim, like the
   
[example](https://github.com/apache/couchdb/blob/main/rel/overlay/etc/default.ini#L163)
     `[jwt_auth] required_claims = exp, {iss, "IssuerNameHere"}`
   3. make a request to `_session` bearing a JWT token.
     (doesn't really matter which token, the error happens before actual 
validation afaict)
   
   ## Expected Behaviour
   
   To get authenticated (or not, but not an unknown error)
   
   ## Your Environment
   
`{"couchdb":"Welcome","version":"3.1.1","git_sha":"ce596c65d","uuid":"c4d21e152a90a6cf779e046c9ddb012b","features":["access-ready","partitioned","pluggable-storage-engines","reshard","scheduler"],"vendor":{"name":"The
 Apache Software Foundation"}}`
   
   * CouchDB version used: 3.1.1
   * Browser name and version: n/a
   * Operating system and version: official docker image
   
   ## Additional Context
   
   [It happens somewhere 
here](https://github.com/apache/couchdb/blob/ce596c65d9d7f0bc5d9937bcaf6253b343015690/src/couch/src/couch_httpd_auth.erl#L212).
 (In the main branch, that code looks different, with a regex supporting 
tuples.)
   
   stack trace
   ```
   [error] 2020-10-29T13:51:27.130984Z nonode@nohost <0.19228.0> 9177353606 
req_err(824051426) unknown_error : badarg [
        <<"erlang:list_to_existing_atom/1">>,
        <<"couch_httpd_auth:-get_configured_claims/0-lc$^0/1-0-/1 L216">>,
        <<"couch_httpd_auth:-get_configured_claims/0-lc$^0/1-0-/1 L216">>,
        <<"couch_httpd_auth:jwt_authentication_handler/1 L194">>,
        <<"chttpd:authenticate_request/2 L532">>,
        <<"chttpd:process_request/1 L304">>,
        <<"chttpd:handle_request_int/1 L244">>,
        <<"mochiweb_http:headers/6 L150">>
   ]
   ```
   
   I realise now, after typing everything, that the [docs I 
linked](https://github.com/apache/couchdb/blob/main/rel/overlay/etc/default.ini#L163)
 are for main, and tuples in `required_claims` were just not yet merged in 
[3.1.1](https://github.com/apache/couchdb/blob/ce596c65d9d7f0bc5d9937bcaf6253b343015690/rel/overlay/etc/default.ini#L163).
 So perhaps this now turns into the question: how then do I provide which `iss` 
claim I expect?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to