Getting Error while generating Access Token for Microgateway
Hi Guys,
My current nodejs version is v6.11.2,
current edgemicro version is 2.5.19
Can able to initialize edgemicro and get it running.
As mentioned in documentation getting "Missing Authorization header"
while making curl request,
curl -i http://localhost:8000/hello/echo
Now I am getting error while trying to generate Access Token,
using a similar command,
edgemicro token get -o [org] -e test -i [key]-s [secret]
Error Message,
{ fault: { faultstring: 'Failed to Resolve Variable : policy(Generate-Access-Token) variable(nbf)', detail: { errorcode: 'steps.jwt.FailedToResolveVariableException' } } }
I traced the edgemicro-auth proxy during that time, it shows 500 error with the same error message.
Tried using Api Key with x-api-key header, it disaplyed similar 500 error on JWT policy.
As mentioned in documentation created API product and Developer App. Can you guys help to fix this?
Looks like the Generate JWT policy in the "VerifyApiKey" condition is missing the nbf claim. Can you please add the claim as shown here?
<NotBefore ref="nbf"/>
Getting same error after that.
My Generate VerifyKey Token
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-VerifyKey-Token">
<DisplayName>Generate VerifyKey Token</DisplayName>
<FaultRules/>
<Properties/>
<AdditionalClaims>
<Claim name="client_id" ref="apigee.client_id" type="string"/>
<Claim array="true" name="api_product_list" ref="apiProductList" type="string"/>
<Claim name="application_name" ref="apigee.developer.app.name" type="string"/>
<Claim name="developer_email" ref="apigee.developer.email" type="string"/>
</AdditionalClaims>
<AdditionalHeaders/>
<Algorithm>RS256</Algorithm>
<Audience>microgateway</Audience>
<NotBefore ref="nbf"/>
<ExpiresIn>1m</ExpiresIn>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<Issuer ref="iss"/>
<OutputVariable>jwtmessage</OutputVariable>
<PrivateKey>
<Value ref="private.privateKey"/>
<Id ref="private.private_key_kid"/>
</PrivateKey>
</GenerateJWT>
My Generate Access Token
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-Access-Token">
<DisplayName>Generate Access Token</DisplayName>
<FaultRules/>
<Properties/>
<AdditionalClaims>
<Claim name="client_id" ref="apigee.client_id" type="string"/>
<Claim name="access_token" ref="apigee.access_token" type="string"/>
<Claim array="true" name="api_product_list" ref="apiProductList" type="string"/>
<Claim name="application_name" ref="apigee.developer.app.name" type="string"/>
<Claim name="developer_email" ref="apigee.developer.email" type="string"/>
<Claim array="true" name="scopes" ref="scope" type="string"/>
</AdditionalClaims>
<AdditionalHeaders/>
<Algorithm>RS256</Algorithm>
<Audience>microgateway</Audience>
<NotBefore ref="nbf"/>
<ExpiresIn>30m</ExpiresIn>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<Issuer ref="iss"/>
<OutputVariable>jwtmessage</OutputVariable>
<PrivateKey>
<Value ref="private.privateKey"/>
<Id ref="private.private_key_kid"/>
</PrivateKey>
</GenerateJWT>
I checked the Generate-VerifyKey-Token.xml in 2.5.19 and it already contains <NotBeforeref="nbf"/>.
I also get the same error. OC { fault: { faultstring: 'Failed to Resolve Variable : policy(Generate-Access-Token) variable(nbf)', detail: { errorcode: 'steps.jwt.FailedToResolveVariableException' } } }
I also get the same error. Checked both Generate-VerifyKey-Token.xml and Generate-Access-Token.xml. They already contains <NotBeforeref="nbf"/>.
We identified a bug in the previous release. A new version has been pushed. Can you please try the following?
upgrade to latest edgemicro:
npm install -g edgemicro
upgrade the proxy
edgemicro upgradeauth
In the event you are unable to upgrade edgemicro or the proxy, add this link to the edgemicro-auth API Proxy:
Thank you! After upgrade, I can generate tokens.
Hi @srinandans We are using edgemicro version is 2.5.30, Private (on-prem) Edge Version 4.18.01.00 and still getting the error
{
"fault": {
"faultstring": "Failed to Resolve Variable : policy(Generate-Access-Token) variable(private.private_key_kid)",
"detail": {
"errorcode": "steps.jwt.FailedToResolveVariableException"
}
}
}
It appears the KVM hasn't been setup properly. Can you please try:
edgemicro upgradekvm
I was able to resolve this by deleting the Key Value Maps called "microgateway" and reinstalling edgemicro.
Hi @srinandans, I am using Apigee Edge Cloud and I am getting the following error.
{
"fault": {
"faultstring": "Failed to Resolve Variable : policy(JWT-Generate-RS256) variable(private.privatekey)",
"detail": {
"errorcode": "steps.jwt.FailedToResolveVariableException"
}
}
}
I have stored the privatekey in encrypted KVM and have configured following policy to read the KVM
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations name="KVW-GetPrivateSecureConfig" mapIdentifier="secrets">
<Scope>environment</Scope>
<ExpiryTimeInSecs>15</ExpiryTimeInSecs>
<Get assignTo="private.privatekey">
<Key>
<Parameter>private.privatekey</Parameter>
</Key>
</Get>
</KeyValueMapOperations>
JWT Policy
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT name="JWT-Generate-RS256">
<Algorithm>RS256</Algorithm>
<PrivateKey>
<Value ref="private.privatekey"/>
<Id>unique-identifier-for-privatekey-here</Id>
</PrivateKey>
<Subject>subject-subject</Subject>
<Issuer>urn://apigee-edge-JWT-policy</Issuer>
<Audience>urn://c60511c0-12a2-473c-80fd-42528eb65a6a</Audience>
<ExpiresIn>60m</ExpiresIn>
<OutputVariable>output-jwt</OutputVariable>
</GenerateJWT>
@srinandans I have identified the issue with the KVM policy. I didn't mention the correct mapidentified in the policy. Now I am no longer getting variable resolution error. However I am getting the following error:
{
"fault": {
"faultstring": "Failed to parse key: policy(JWT-Generate-RS256) ",
"detail": {
"errorcode": "steps.jwt.KeyParsingFailed"
}
}
}
