+ Dev

On Mon, Jul 23, 2018 at 6:32 PM, Chamin Dias <cham...@wso2.com> wrote:

> Hi all,
>
> 1. When testing JWT with APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0, we
> faced an issue.
>
> *Setup details : Single node APIM Server (no port offset), ISKM (port
> offset 1), Default Micro-GW*
>
> 2. The issuer (iss) is picked from the <RevokeAPIURL> of api-manager.xml
> in ISKM pack after replacing "/revoke" -> "/token". The default value in
> ISKM pack is : https://localhost:${https.nio.port}/revoke
>
> 3. However, when consuming an API with a JWT token, the Micro-GW shows the
> below error.
>
> ERROR [ballerina/http] - Error while validating JWT token : {message:"No Registered IDP found for the JWT with issuer name : https://localhost:${https.nio.port}/token
>
> 4. When we decode the JWT (using https://jwt.io/), we found the "iss" as
> follows. (${https.nio.port} has not been resolved properly)
>
> "iss": "https://localhost:${https.nio.port}/token"
>
> 5. Then we edited the <RevokeAPIURL> of api-manager.xml in ISKM pack as
> follows.
>
> <RevokeAPIURL>https://localhost:8243/revoke</RevokeAPIURL>
>
> *Note* : In micro-gw.conf of Micro-GW 2.5.0, we have the following.
>
> [jwtTokenConfig]
> issuer="https://localhost:8243/token"
> audience="http://org.wso2.apimgt/gateway"
> certificateAlias="wso2apim"
> trustStore.path="${ballerina.home}/bre/security/ballerinaTruststore.p12"
> trustStore.password="ballerina"
>
> 6. Then, after repeating the process, the API invocation was fine.
>
> According to the spec (https://tools.ietf.org/html/rfc7519#section-4.1.1),
> "iss" claim identifies the principal that issued the JWT. There is
> another option for this, which is the URL from IS
> "https://localhost:9444/oauth2/token". But having this in the JWT token
> can expose the IS internal oauth2 token URL.
>
> So shall we go with the https://localhost:8243 approach?
>
> In both cases, we need to hardcode the <RevokeAPIURL> as the port
> property is not resolved properly in non-synapse(IS) environment.
>
> Please share your thoughts.
>
> (Isuru/Malintha/Fazlan - Please add if I have missed anything.)
>
> Thanks.
>
> --
> Chamin Dias
> Mobile : 0716097455
> Email : cham...@wso2.com
> LinkedIn : https://www.linkedin.com/in/chamindias
>
>

--
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/

Mobile : +94 712383306
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
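The issuer mismatch described in this thread can be checked before a token reaches the gateway. The following is an added example, not part of the original e-mail and not WSO2 or Ballerina code: it decodes a token's payload for diagnostics only (no signature verification), compares "iss" with the issuer value quoted from micro-gw.conf, and flags unresolved ${...} property placeholders. The function names and the sample tokens are constructed for illustration.

```python
import base64
import json
import re

# Matches an unresolved property placeholder such as ${https.nio.port}
PLACEHOLDER = re.compile(r"\$\{[^}]+\}")
# Issuer value quoted from micro-gw.conf in the thread
CONFIGURED = "https://localhost:8243/token"


def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(token):
    """Return payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[1]))


def check_issuer(token, expected_issuer):
    """List the reasons a gateway configured with expected_issuer would reject iss."""
    iss = read_claims(token).get("iss")
    if iss is None:
        return ["token has no iss claim"]
    problems = []
    unresolved = PLACEHOLDER.findall(iss)
    if unresolved:
        problems.append(f"iss contains unresolved placeholder(s): {unresolved}")
    if iss != expected_issuer:  # issuer comparison is an exact string match
        problems.append(f"iss {iss!r} != configured issuer {expected_issuer!r}")
    return problems


def make_sample_token(iss):
    """Build a constructed sample token; the signature segment is a dummy."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"iss": iss, "aud": "http://org.wso2.apimgt/gateway"}
    return ".".join([enc(header), enc(payload), "c2ln"])


if __name__ == "__main__":
    for iss in ("https://localhost:${https.nio.port}/token", CONFIGURED):
        print(iss, "->", check_issuer(make_sample_token(iss), CONFIGURED) or "ok")
```
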