Skip to content

Unable to validate JWT via external service #377

New issue
New issue
Open
#378
Open
Unable to validate JWT via external service#377
#378
Assignees
kevinbader
Labels
bug
@patrickmedina

Description

@patrickmedina
patrickmedina
opened on May 17, 2021

Summary and context

The external JWT validator service successfully receives the POST request and returns 200 OK but RIG always returns "Invalid Signature".

How to reproduce

When I run RIG with these settings:

  • External service is running on port 3000 on host machine and is accessible from docker containers.

  • External service immediately returns 200 OK for testing and doesn't actually validates the JWT.

  • RIG Config values:

SUBSCRIPTION_CHECK=http://host.docker.internal:3000

..and set up clients and services like this:

  • Initiate Websocket connection:

$ wscat -c ws://localhost:4000/_rig/v1/connection/ws

  • Subscription request:

$ curl -X PUT -H "Content-Type: application/json" -d '{"subscriptions":[{"eventType":"position","oneOf":[{"userType":"admin"}]}]}' -H "Authorization: Bearer jwt_token" "http://localhost:4000/_rig/v1/connection/ws/0B7ilUe9imppbOep5E9Gw_KD8ZR7Jal4HK2ZyG0cZXO2VBwxAxT8ZIUGA_YORriC7I3nppuaNfv48PQzbtQ=/subscriptions"

..I see the following error and/or log output:

  • Subscription response:

cannot accept subscription request: invalid authorization header: could not decode JWT: Invalid signature

  • JWT service received request from RIG:

{
method: 'POST',
url: '/',
header: {
authorization: 'Bearer jwt_token',
host: 'host.docker.internal:3000',
'user-agent': 'hackney/1.16.0',
'content-type': 'application/json',
'content-length': '75'
}
}

  • RIG logs:

rig-dev | 16:15:06.145 module=Phoenix.Logger request_id=Fn_mwLBz4wK9hIAAAABB [debug] Processing with RigInboundGatewayWeb.V1.SubscriptionController.set_subscriptions/2
rig-dev | Parameters: [UNFETCHED]
rig-dev | Pipelines: [:api]
rig-dev | 16:15:06.145 module=Plug.Logger request_id=Fn_mwLBz4wK9hIAAAABB [debug] PUT /_rig/v1/connection/ws/0B7ilUe9imppbOep5E9Gw_KD8ZR7Jal4HK2ZyG0cZXO2VBwxAxT8ZIUGA_YORriC7I3nppuaNfv48PQzbtQ=/subscriptions
rig-dev | 16:15:06.149 module=RigInboundGatewayWeb.V1.SubscriptionController request_id=Fn_mwLBz4wK9hIAAAABB [warn] failed to associate to session: ["%RIG.JWT.DecodeError{cause: "Invalid signature"}"]

..but I really expected this:

  • Successful subscription:

{"subscriptions":[{"eventType":"position","oneOf":[{"userType":"admin"}]....

Versions (please complete the following information):**

  • Host OS: Docker on MacOS[MacBook Pro (16-inch, 2019)]
  • Frontend: curl
  • RIG version as shown on startup: Reactive Interaction Gateway 3.0.0-alpha.1 [[email protected], ERTS 11.1.8, OTP 23]

Metadata

Metadata

Assignees

Labels

bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions