{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • Product Announcements
    • General
    • Edge/API Management
    • Developer Portal (Drupal-based)
    • Developer Portal (Integrated)
    • API Design
    • APIM on Istio
    • Extensions
    • Business of APIs
    • Academy/Certification
    • Analytics
    • Events
    • Hybrid
    • Integration (AWS, PCF, Etc.)
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • Insights
    • IoT Apigee Link
    • BaaS/Usergrid
    • BaaS Transition/Migration
    • Apigee-127
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • Microgateway /
avatar image
1
Question by Raj W · Jul 18, 2018 at 08:56 AM · 739 Views microgateway

Getting Error while generating Access Token for Microgateway

Hi Guys,

My current nodejs version is v6.11.2,

current edgemicro version is 2.5.19

Can able to initialize edgemicro and get it running.

As mentioned in documentation getting "Missing Authorization header"

while making curl request,

curl -i http://localhost:8000/hello/echo

Now I am getting error while trying to generate Access Token,

using a similar command,

edgemicro token get -o [org] -e test -i [key]-s [secret]

Error Message,

{ fault: { faultstring: 'Failed to Resolve Variable : policy(Generate-Access-Token) variable(nbf)', detail: { errorcode: 'steps.jwt.FailedToResolveVariableException' } } }

I traced the edgemicro-auth proxy during that time, it shows 500 error with the same error message.

Tried using Api Key with x-api-key header, it disaplyed similar 500 error on JWT policy.

As mentioned in documentation created API product and Developer App. Can you guys help to fix this?

Comment
Add comment
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Close

3 Answers

  • Sort: 
avatar image
0

Answer by srinandans · Jul 19, 2018 at 12:41 AM

Looks like the Generate JWT policy in the "VerifyApiKey" condition is missing the nbf claim. Can you please add the claim as shown here?

https://github.com/apigee/microgateway-edgeauth/blob/master/apiproxy/policies/Generate-VerifyKey-Token.xml

<NotBefore ref="nbf"/>
Comment
Add comment Show 6 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Raj W · Jul 19, 2018 at 05:44 AM 0
Link

Getting same error after that.

My Generate VerifyKey Token

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-VerifyKey-Token">
    <DisplayName>Generate VerifyKey Token</DisplayName>
    <FaultRules/>
    <Properties/>
    <AdditionalClaims>
        <Claim name="client_id" ref="apigee.client_id" type="string"/>
        <Claim array="true" name="api_product_list" ref="apiProductList" type="string"/>
        <Claim name="application_name" ref="apigee.developer.app.name" type="string"/>
        <Claim name="developer_email" ref="apigee.developer.email" type="string"/>
    </AdditionalClaims>
    <AdditionalHeaders/>
    <Algorithm>RS256</Algorithm>
    <Audience>microgateway</Audience>
    <NotBefore ref="nbf"/>
    <ExpiresIn>1m</ExpiresIn>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <Issuer ref="iss"/>
    <OutputVariable>jwtmessage</OutputVariable>
    <PrivateKey>
        <Value ref="private.privateKey"/>
        <Id ref="private.private_key_kid"/>
    </PrivateKey>
</GenerateJWT>

My Generate Access Token

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-Access-Token">
    <DisplayName>Generate Access Token</DisplayName>
    <FaultRules/>
    <Properties/>
    <AdditionalClaims>
        <Claim name="client_id" ref="apigee.client_id" type="string"/>
        <Claim name="access_token" ref="apigee.access_token" type="string"/>
        <Claim array="true" name="api_product_list" ref="apiProductList" type="string"/>
        <Claim name="application_name" ref="apigee.developer.app.name" type="string"/>
        <Claim name="developer_email" ref="apigee.developer.email" type="string"/>
        <Claim array="true" name="scopes" ref="scope" type="string"/>
    </AdditionalClaims>
    <AdditionalHeaders/>
    <Algorithm>RS256</Algorithm>
    <Audience>microgateway</Audience>
    <NotBefore ref="nbf"/>
    <ExpiresIn>30m</ExpiresIn>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <Issuer ref="iss"/>
    <OutputVariable>jwtmessage</OutputVariable>
    <PrivateKey>
        <Value ref="private.privateKey"/>
        <Id ref="private.private_key_kid"/>
    </PrivateKey>
</GenerateJWT>


avatar image Karl Wu · Jul 19, 2018 at 03:06 PM 0
Link

I checked the Generate-VerifyKey-Token.xml in 2.5.19 and it already contains <NotBeforeref="nbf"/>.

I also get the same error. OC { fault: { faultstring: 'Failed to Resolve Variable : policy(Generate-Access-Token) variable(nbf)', detail: { errorcode: 'steps.jwt.FailedToResolveVariableException' } } }

avatar image Di Wang · Jul 19, 2018 at 03:13 PM 0
Link

I also get the same error. Checked both Generate-VerifyKey-Token.xml and Generate-Access-Token.xml. They already contains <NotBeforeref="nbf"/>.

avatar image srinandans ♦ Di Wang · Jul 19, 2018 at 03:17 PM 1
Link

We identified a bug in the previous release. A new version has been pushed. Can you please try the following?

upgrade to latest edgemicro:

npm install -g edgemicro

upgrade the proxy

edgemicro upgradeauth

In the event you are unable to upgrade edgemicro or the proxy, add this link to the edgemicro-auth API Proxy:

https://github.com/apigee/microgateway-edgeauth/blob/master/apiproxy/resources/jsc/set-jwt-variables.js#L50

avatar image Di Wang srinandans ♦ · Jul 19, 2018 at 03:24 PM 0
Link

Thank you! After upgrade, I can generate tokens.

avatar image Karl Wu · Jul 19, 2018 at 05:42 PM 0
Link

Great! Thank you! Works for me too!

avatar image
0

Answer by Vineet Bhatia · Apr 08 at 03:35 PM

Hi @srinandans We are using edgemicro version is 2.5.30, Private (on-prem) Edge Version 4.18.01.00 and still getting the error

{
  "fault": {
    "faultstring": "Failed to Resolve Variable : policy(Generate-Access-Token) variable(private.private_key_kid)",
    "detail": {
      "errorcode": "steps.jwt.FailedToResolveVariableException"
    }
  }
}
Comment
Add comment Show 2 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image srinandans ♦ · Apr 08 at 04:00 PM 0
Link

It appears the KVM hasn't been setup properly. Can you please try:

edgemicro upgradekvm
avatar image Vineet Bhatia · Apr 08 at 04:20 PM 0
Link

I was able to resolve this by deleting the Key Value Maps called "microgateway" and reinstalling edgemicro.

avatar image
0

Answer by Amit Sharma · Apr 11 at 03:26 PM

Hi @srinandans, I am using Apigee Edge Cloud and I am getting the following error.

{
    "fault": {
        "faultstring": "Failed to Resolve Variable : policy(JWT-Generate-RS256) variable(private.privatekey)",
        "detail": {
            "errorcode": "steps.jwt.FailedToResolveVariableException"
        }
    }
}

I have stored the privatekey in encrypted KVM and have configured following policy to read the KVM

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations name="KVW-GetPrivateSecureConfig" mapIdentifier="secrets">
    <Scope>environment</Scope>
    <ExpiryTimeInSecs>15</ExpiryTimeInSecs>
    <Get assignTo="private.privatekey">
        <Key>
            <Parameter>private.privatekey</Parameter>
        </Key>
    </Get>
</KeyValueMapOperations>

JWT Policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT name="JWT-Generate-RS256">
    <Algorithm>RS256</Algorithm>
    <PrivateKey>
        <Value ref="private.privatekey"/>
        <Id>unique-identifier-for-privatekey-here</Id>
    </PrivateKey>
    <Subject>subject-subject</Subject>
    <Issuer>urn://apigee-edge-JWT-policy</Issuer>
    <Audience>urn://c60511c0-12a2-473c-80fd-42528eb65a6a</Audience>
    <ExpiresIn>60m</ExpiresIn>   
    <OutputVariable>output-jwt</OutputVariable>
</GenerateJWT>
Comment
Add comment Show 1 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Amit Sharma · Apr 11 at 03:41 PM 0
Link
@srinandans I have identified the issue with the KVM policy. I didn't mention the correct mapidentified in the policy. Now I am no longer getting variable resolution error. However I am getting the following error:
{
    "fault": {
        "faultstring": "Failed to parse key: policy(JWT-Generate-RS256) ",
        "detail": {
            "errorcode": "steps.jwt.KeyParsingFailed"
        }
    }
}

Follow this Question

Answers Answers and Comments

63 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

Install a key pair on Edge- Public Key generation error 2 Answers

Autoscaling for Edgemicro? 3 Answers

There is a delay between generating a edgemicro token and using it. 1 Answer

Change JWT Expiration interval in Edgemicro OAuth Implementation 3 Answers

edgemicro cannot synchronise settings when starting 1 Answer

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2019 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • Product Announcements
  • General
  • Edge/API Management
  • Developer Portal (Drupal-based)
  • Developer Portal (Integrated)
  • API Design
  • APIM on Istio
  • Extensions
  • Business of APIs
  • Academy/Certification
  • Analytics
  • Events
  • Hybrid
  • Integration (AWS, PCF, Etc.)
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • Insights
  • IoT Apigee Link
  • BaaS/Usergrid
  • BaaS Transition/Migration
  • Apigee-127
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Members
  • Badges