Getting Error while generating Access Token for Microgateway


Hi Guys,

My current nodejs version is v6.11.2,

current edgemicro version is 2.5.19

I am able to initialize edgemicro and get it running.

As mentioned in documentation getting "Missing Authorization header"

while making curl request,

curl -i http://localhost:8000/hello/echo

Now I am getting error while trying to generate Access Token,

using a similar command,

edgemicro token get -o [org] -e test -i [key] -s [secret]

Error Message,

{ fault: { faultstring: 'Failed to Resolve Variable : policy(Generate-Access-Token) variable(nbf)', detail: { errorcode: 'steps.jwt.FailedToResolveVariableException' } } }

I traced the edgemicro-auth proxy during that time, it shows 500 error with the same error message.

Tried using the API key with the x-api-key header; it displayed a similar 500 error on the JWT policy.

As mentioned in documentation created API product and Developer App. Can you guys help to fix this?


Former Community Member

Looks like the Generate JWT policy in the "VerifyApiKey" condition is missing the nbf claim. Can you please add the claim as shown here?

https://github.com/apigee/microgateway-edgeauth/blob/master/apiproxy/policies/Generate-VerifyKey-Tok...

<NotBefore ref="nbf"/>

Getting same error after that.

My Generate VerifyKey Token

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-VerifyKey-Token">
    <DisplayName>Generate VerifyKey Token</DisplayName>
    <FaultRules/>
    <Properties/>
    <AdditionalClaims>
        <Claim name="client_id" ref="apigee.client_id" type="string"/>
        <Claim array="true" name="api_product_list" ref="apiProductList" type="string"/>
        <Claim name="application_name" ref="apigee.developer.app.name" type="string"/>
        <Claim name="developer_email" ref="apigee.developer.email" type="string"/>
    </AdditionalClaims>
    <AdditionalHeaders/>
    <Algorithm>RS256</Algorithm>
    <Audience>microgateway</Audience>
    <NotBefore ref="nbf"/>
    <ExpiresIn>1m</ExpiresIn>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <Issuer ref="iss"/>
    <OutputVariable>jwtmessage</OutputVariable>
    <PrivateKey>
        <Value ref="private.privateKey"/>
        <Id ref="private.private_key_kid"/>
    </PrivateKey>
</GenerateJWT>

My Generate Access Token

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-Access-Token">
    <DisplayName>Generate Access Token</DisplayName>
    <FaultRules/>
    <Properties/>
    <AdditionalClaims>
        <Claim name="client_id" ref="apigee.client_id" type="string"/>
        <Claim name="access_token" ref="apigee.access_token" type="string"/>
        <Claim array="true" name="api_product_list" ref="apiProductList" type="string"/>
        <Claim name="application_name" ref="apigee.developer.app.name" type="string"/>
        <Claim name="developer_email" ref="apigee.developer.email" type="string"/>
        <Claim array="true" name="scopes" ref="scope" type="string"/>
    </AdditionalClaims>
    <AdditionalHeaders/>
    <Algorithm>RS256</Algorithm>
    <Audience>microgateway</Audience>
    <NotBefore ref="nbf"/>
    <ExpiresIn>30m</ExpiresIn>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <Issuer ref="iss"/>
    <OutputVariable>jwtmessage</OutputVariable>
    <PrivateKey>
        <Value ref="private.privateKey"/>
        <Id ref="private.private_key_kid"/>
    </PrivateKey>
</GenerateJWT>


I checked the Generate-VerifyKey-Token.xml in 2.5.19 and it already contains <NotBefore ref="nbf"/>.

I also get the same error. { fault: { faultstring: 'Failed to Resolve Variable : policy(Generate-Access-Token) variable(nbf)', detail: { errorcode: 'steps.jwt.FailedToResolveVariableException' } } }

I also get the same error. Checked both Generate-VerifyKey-Token.xml and Generate-Access-Token.xml. They already contain <NotBefore ref="nbf"/>.

Former Community Member

We identified a bug in the previous release. A new version has been pushed. Can you please try the following?

upgrade to latest edgemicro:

npm install -g edgemicro

upgrade the proxy

edgemicro upgradeauth

In the event you are unable to upgrade edgemicro or the proxy, add this link to the edgemicro-auth API Proxy:

https://github.com/apigee/microgateway-edgeauth/blob/master/apiproxy/resources/jsc/set-jwt-variables...

Thank you! After upgrade, I can generate tokens.

Great! Thank you! Works for me too!

Hi @srinandans, we are using edgemicro version 2.5.30 and Private (on-prem) Edge version 4.18.01.00, and are still getting the error

{
  "fault": {
    "faultstring": "Failed to Resolve Variable : policy(Generate-Access-Token) variable(private.private_key_kid)",
    "detail": {
      "errorcode": "steps.jwt.FailedToResolveVariableException"
    }
  }
}

Former Community Member

It appears the KVM hasn't been setup properly. Can you please try:

edgemicro upgradekvm

I was able to resolve this by deleting the Key Value Maps called "microgateway" and reinstalling edgemicro.

Hi @srinandans, I am using Apigee Edge Cloud and I am getting the following error.

{
    "fault": {
        "faultstring": "Failed to Resolve Variable : policy(JWT-Generate-RS256) variable(private.privatekey)",
        "detail": {
            "errorcode": "steps.jwt.FailedToResolveVariableException"
        }
    }
}

I have stored the privatekey in encrypted KVM and have configured following policy to read the KVM

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations name="KVW-GetPrivateSecureConfig" mapIdentifier="secrets">
    <Scope>environment</Scope>
    <ExpiryTimeInSecs>15</ExpiryTimeInSecs>
    <Get assignTo="private.privatekey">
        <Key>
            <Parameter>private.privatekey</Parameter>
        </Key>
    </Get>
</KeyValueMapOperations>

JWT Policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT name="JWT-Generate-RS256">
    <Algorithm>RS256</Algorithm>
    <PrivateKey>
        <Value ref="private.privatekey"/>
        <Id>unique-identifier-for-privatekey-here</Id>
    </PrivateKey>
    <Subject>subject-subject</Subject>
    <Issuer>urn://apigee-edge-JWT-policy</Issuer>
    <Audience>urn://c60511c0-12a2-473c-80fd-42528eb65a6a</Audience>
    <ExpiresIn>60m</ExpiresIn>   
    <OutputVariable>output-jwt</OutputVariable>
</GenerateJWT>

@srinandans I have identified the issue with the KVM policy. I didn't mention the correct mapIdentifier in the policy. Now I am no longer getting the variable resolution error. However, I am getting the following error:
{
    "fault": {
        "faultstring": "Failed to parse key: policy(JWT-Generate-RS256) ",
        "detail": {
            "errorcode": "steps.jwt.KeyParsingFailed"
        }
    }
}
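A static check for the FailedToResolveVariableException faults reported in this thread, as an added example that is not part of any post or of the edgemicro-auth proxy: it lists every flow variable a GenerateJWT policy reads through ref= and reports those that no upstream step provides. The policy snippets are trimmed, constructed samples; the KVM policy name, its key name, and the set of "already provided" variables are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Generate-Access-Token policy from the thread, trimmed.
GENERATE_JWT = """<GenerateJWT name="Generate-Access-Token">
    <AdditionalClaims>
        <Claim name="client_id" ref="apigee.client_id" type="string"/>
    </AdditionalClaims>
    <Algorithm>RS256</Algorithm>
    <NotBefore ref="nbf"/>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <Issuer ref="iss"/>
    <PrivateKey>
        <Value ref="private.privateKey"/>
        <Id ref="private.private_key_kid"/>
    </PrivateKey>
</GenerateJWT>"""

# Constructed sample (hypothetical names): a KVM lookup that loads the key but not its kid.
KVM_GET = """<KeyValueMapOperations name="Get-Keys" mapIdentifier="microgateway">
    <Get assignTo="private.privateKey"><Key><Parameter>private_key</Parameter></Key></Get>
</KeyValueMapOperations>"""


def required_refs(policy_xml):
    """Return, in document order, every flow variable the policy reads via ref=."""
    root = ET.fromstring(policy_xml)
    return [el.get("ref") for el in root.iter() if el.get("ref")]


def kvm_assigned(kvm_xml):
    """Return the variables a KeyValueMapOperations policy writes (Get assignTo)."""
    return {g.get("assignTo") for g in ET.fromstring(kvm_xml).iter("Get")}


def unresolved(policy_xml, provided):
    """List refs that would fail resolution given the variables in `provided`."""
    root = ET.fromstring(policy_xml)
    # A missing element is treated as false, matching the JWT-Generate-RS256 fault above.
    ignore = (root.findtext("IgnoreUnresolvedVariables") or "false").strip().lower()
    if ignore == "true":
        return []
    return [ref for ref in required_refs(policy_xml) if ref not in provided]


if __name__ == "__main__":
    # Assumption: earlier steps set apigee.client_id and iss; nothing sets nbf.
    provided = {"apigee.client_id", "iss"} | kvm_assigned(KVM_GET)
    for ref in unresolved(GENERATE_JWT, provided):
        print("unresolved:", ref)
```

The check only shows which variables the flow must populate before the policy runs; it cannot tell whether the KVM named by mapIdentifier actually holds the entry, which is what the poster above found at runtime.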

Hello Team,

We are facing the same issue while generating JWT. Can anyone solve this issue?

Thank you,

Please open a new thread for a new question.