edgemicro-auth returns malformed JWT (if multiple ...

Report Inappropriate Content · 10-10-2016 05:04 PM

When using edgemicro and JWT authentication.

The generated the JWT's claim field "api_product_list" includes space-prefixed product names.

Subsequently calling any api contained with the space-prefixed product name, cause the api call to be rejected.

Is this a known issues with edgemicro

STEPS TO REPRODUCE:

Subscribe your application to 2+ products. ("provider" and "testing") in this case.

Obtain the edgemicro JWT:

curl -i -X POST --user TMSCQYzFJGABqr1Qd0R7F2RTR6C:6IRJPccisKm0 "http://yourorg-test.apigee.net/edgemicro-auth/token" -d '{"grant_type": "client_credentials"}' -H "Content-Type: application/json"

Decode the returned JWT

  "application_name": "9f84f7-911e-4d90-bcec-f8cbd9b2b6",
  "client_id": "TMSCQYzFJGABqr1Qd0R7F2RTR6ZZZVvup",
  "scopes": [],
  "api_product_list": [
    "provider",
    " testing"
  ],
  "iat": 1475194622,
  "exp": 1475196421

Notice the api_product_list contains "<space>testing" (NOT "testing")

DChiesa

Very clearly explained, thanks.

@Srinandan Sridhar is working on some changes RIGHT NOW, which may correct this problem.

Former Community Member

@Murray Speight

I have confirmed the defect. This problem does not occur on the release I'm working on. Let me get back to you on when we can release the new version.

Report Inappropriate Content

@Srinandan Sridhar Has this been released?

edgemicro-auth returns malformed JWT (if multiple products), causes api calls to be rejected.