Encountered access_denied using a freshly generated token on Microgateway (MG)
While testing a newly installed and configured MG, a freshly generated token was denied. [*** Note that this is a local setup and is not for production; the key and secret shown are therefore not production credentials. ***]
$ edgemicro token get -o org1 -e dev -i sIXqz9MGzP2vJ4tFOU7MoiTIpRv2GmiK -s JKSdHTunbILHG3EG
current nodejs version is v7.8.0
current edgemicro version is 2.3.5
{ token: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhcHBsaWNhdGlvbl9uYW1lIjoiMGQ3OTYzOTEtZWNmNS00ZTAyLTgyMzktYzYxNzA3NGJiYTRlIiwiY2xpZW50X2lkIjoic0lYcXo5TUd6UDJ2SjR0Rk9VN01vaVRJcFJ2MkdtaUsiLCJzY29wZXMiOltdLCJhcGlfcHJvZHVjdF9saXN0IjpbIkVkZ2VNaWNyb1Rlc3RQcm9kdWN0Il0sImlhdCI6MTQ5MTcwMTg0MSwiZXhwIjoxNDkxNzAzNjQwfQ.oUPcDa8iPvOPW22NMQvZ2amJ0-ju5BuMbWCez4jTIKx1gy5Bz0Px0ANUg622SyvhKJqeCKj7F8DpgOhIE-3ofNC7ZivMePBX9Jt8ywVVXea40ZvyIHzFf9XdzR8PbFT5vmy_La0WutlRS4PMQ4lFFlBouBe0x99-l8cIfvBU_rx15nxEmz7qGgTQw62lx7b1feuNL-97CG4-6fQTmxwEi9jpFN28xo7-ZTwW1ZB72bdV-4QOmMMlt1cjoOFBTMC5GsZwTAGoqUskdlWbNleOayMA0UlArJFTTk3HdLesSsK-kmSGuGtpoPBFXg8eIIISdp3LZRDihHZJ7lPy3H2IPA' }
Running curl -i -H "Authorization: Bearer {token}" http://localhost:8000/hello/echo with this token, as shown below, resulted in a 403 access_denied error:
$ curl -i -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhcHBsaWNhdGlvbl9uYW1lIjoiMGQ3OTYzOTEtZWNmNS00ZTAyLTgyMzktYzYxNzA3NGJiYTRlIiwiY2xpZW50X2lkIjoic0lYcXo5TUd6UDJ2SjR0Rk9VN01vaVRJcFJ2MkdtaUsiLCJzY29wZXMiOltdLCJhcGlfcHJvZHVjdF9saXN0IjpbIkVkZ2VNaWNyb1Rlc3RQcm9kdWN0Il0sImlhdCI6MTQ5MTcwMTg0MSwiZXhwIjoxNDkxNzAzNjQwfQ.oUPcDa8iPvOPW22NMQvZ2amJ0-ju5BuMbWCez4jTIKx1gy5Bz0Px0ANUg622SyvhKJqeCKj7F8DpgOhIE-3ofNC7ZivMePBX9Jt8ywVVXea40ZvyIHzFf9XdzR8PbFT5vmy_La0WutlRS4PMQ4lFFlBouBe0x99-l8cIfvBU_rx15nxEmz7qGgTQw62lx7b1feuNL-97CG4-6fQTmxwEi9jpFN28xo7-ZTwW1ZB72bdV-4QOmMMlt1cjoOFBTMC5GsZwTAGoqUskdlWbNleOayMA0UlArJFTTk3HdLesSsK-kmSGuGtpoPBFXg8eIIISdp3LZRDihHZJ7lPy3H2IPA" http://localhost:8000/hello/echo
HTTP/1.1 403 Forbidden
content-type: application/json
Date: Sat, 08 Apr 2017 18:58:55 GMT
Connection: keep-alive
Content-Length: 25

{"error":"access_denied"}
$ DEBUG=* edgemicro start -o org1 -e dev -k 5e3f3d95fad51606c7158279552e33e77fd2813d05cbec1cb05079b06e16f0e7 -s 3faa913b187f2a1127f956fca32652f9a22b7730e98d214225d7fa48a054b52c
gateway:main selected proxy http://mocktarget.apigee.net/ with base path /hello for request path /hello/echo +2h
gateway:main sourceRequest +3ms 47b1dfc0-1e3c-11e7-a497-8fe904e2607b GET /hello/echo
plugin:oauth Token expired error +2h
plugin:oauth auth failure 403 access_denied { 'user-agent': 'curl/7.29.0', host: 'localhost:8000', accept: '*/*' } GET /hello/echo +0ms
gateway:errors access_denied +27ms
analytics flushing 1 records. 0 records remaining. +97ms
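The debug output shows the oauth plugin rejecting the token with "Token expired error" even though it had just been generated. In the above local setup, the MG node was set up with an NTP server while the Edge node did not have a proper NTP setup, so the clocks on the two nodes disagreed. The fix was to configure NTP on the Edge node: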
sudo yum install ntp
sudo service ntpd stop
sudo ntpdate 0.rhel.pool.ntp.org
sudo service ntpd start
After this, all newly generated tokens worked correctly and the curl -i -H "Authorization: Bearer {token}" http://localhost:8000/hello/echo call returned 200.
$ curl -i -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhcHBsaWNhdGlvbl9uYW1lIjoiMGQ3OTYzOTEtZWNmNS00ZTAyLTgyMzktYzYxNzA3NGJiYTRlIiwiY2xpZW50X2lkIjoic0lYcXo5TUd6UDJ2SjR0Rk9VN01vaVRJcFJ2MkdtaUsiLCJzY29wZXMiOltdLCJhcGlfcHJvZHVjdF9saXN0IjpbIkVkZ2VNaWNyb1Rlc3RQcm9kdWN0Il0sImlhdCI6MTQ5MTg2Mzc3NCwiZXhwIjoxNDkxODY1NTczfQ.Cebs4eq477VmMQUxTPuDDYsO_-MC1dpZxfhHRVcbR0HsZhbBlbexYSoZQHh2H_uRS99UiDPKbLWxkskwQbLPdRplNHzyoD9kzmosccm_4zV7wo7z7dQO8LTQ3ZLhfzEYo7qQRbLmWXqzq69D6eMftXMFeuR32SyNeV3y20Ii8YiOpBDSBrug33NR3Qx34raeeOIvL9weTrvDJhqQbQ3sZQ7kAqcY-LeRTT_MgILJGqQ5aFjUhRpxPneCMv7tFR8RdeF5_NdiMlHrDALK9gJHV_H1bqLhE9OPqMsZUdbsDfjLDW1HnHQH8neXPYg9cfcW9O2ZDkLhdlgD3gBx6o2ADA" http://localhost:8000/hello/echo
HTTP/1.1 200 OK
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Mon, 10 Apr 2017 22:36:47 GMT
etag: W/"1b1-2Kz2fWY+pqWPkT/xvN+TFg"
x-powered-by: Apigee
x-response-time: 387
Connection: keep-alive
Transfer-Encoding: chunked

{"headers":{"host":"mocktarget.apigee.net","accept":"*/*","user-agent":"curl/7.29.0","via":"1.1 localhost","x-authorization-claims":"eyJzY29wZXMiOltdfQ==","x-forwarded-host":"localhost:8000","x-request-id":"9819aab0-1e2d-11e7-a4c8-a3ca95aaab35.2e6de890-1e3e-11e7-a4c8-a3ca95aaab35","x-forwarded-for":"::1, 111.184.34.7","x-forwarded-port":"80","x-forwarded-proto":"http","connection":"keep-alive"},"method":"GET","url":"/","body":""}
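A diagnostic sketch for the clock-skew condition described above: it decodes a token's iat and exp claims and compares them with the validating host's clock, which separates "validator ahead of issuer" from "issuer ahead of validator". This is an added example, not Edge Microgateway code; the function names, the leewaySec parameter and the sample token are constructed for illustration.

```javascript
// Added example, not Edge Microgateway code. Claims are decoded only, not
// signature-verified, so use this for clock diagnosis, never for authorization.

function decodeClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  // base64url -> base64; Node's decoder tolerates the missing padding
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const claims = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (!Number.isInteger(claims.iat) || !Number.isInteger(claims.exp)) {
    throw new Error('token lacks numeric iat/exp claims');
  }
  return claims;
}

// nowSec: validating host's clock in epoch seconds.
// leewaySec: tolerated skew; a hypothetical parameter for this example.
function checkFreshToken(token, nowSec, leewaySec = 60) {
  const { iat, exp } = decodeClaims(token);
  let verdict = 'ok';
  if (nowSec > exp + leewaySec) {
    verdict = 'expired';            // validator clock ahead of issuer, or token is old
  } else if (iat > nowSec + leewaySec) {
    verdict = 'issued_in_future';   // issuer clock ahead of validator
  }
  // offsetSec is close to 0 for a token minted moments ago on synchronized hosts
  return { verdict, offsetSec: nowSec - iat, lifetimeSec: exp - iat };
}

// Constructed, unsigned sample token; 1799 s matches exp - iat in the page's tokens.
function makeSample(iat, lifetimeSec = 1799) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ typ: 'JWT', alg: 'RS256' })}.${enc({ iat, exp: iat + lifetimeSec })}.placeholder`;
}

const issuedAt = 1700000000; // constructed issuer timestamp
const sample = makeSample(issuedAt);
console.log(checkFreshToken(sample, issuedAt + 5));    // clocks agree
console.log(checkFreshToken(sample, issuedAt + 3600)); // validator one hour ahead
console.log(checkFreshToken(sample, issuedAt - 3600)); // issuer one hour ahead
```

On a real host, pass Math.floor(Date.now() / 1000) as nowSec together with a token obtained moments earlier from edgemicro token get; a large offsetSec on a fresh token points at the clocks rather than the credentials.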
Thanks for the tutorial. I'm currently trying to delete the certificate - so that is the process of deletion of the key pair from the KVM, right? Found this doc CLI reference for Edge Microgateway link here. How can I upgrade a specific version of Edge Microgateway to the latest version of edgemicro-auth proxy? Thanks.