I have enabled context vars in the API definition file. I have also tested other tyk_context variables that exist, but token and jwt_claims_* don't.
```
  "do_not_track": false,
  "enable_context_vars": true
}
```
Url_Rewrite:
```
"url_rewrites": [{
  "path": "example/test",
  "method": "GET",
  "match_pattern": "(.)/(. )",
  "rewrite_to": "?sub=$tyk_context.jwt_claims_pol"
}]
```
Response, when testing from that example endpoint:
Hello Test! $tyk_context.jwt_claims_pol
Any help would be appreciated.
Thanks, Kartik
Martin
January 29, 2017, 5:18pm
2
Have you restarted the Tyk process?
Can you share your JWT (raw JSON)?
Are you using OIDC or JWT as the auth method?
Also what version are you running?
Thank you for the quick response. Yes I am on docker and have restarted many times. Yes I will share the raw json, I’ll be back by my laptop in an hour or so. I am using jwt as auth method. Version is 2.3.1 or 2, I’ll double check when I get back to the laptop, I am running the latest image of tyk from docker.
Martin
January 29, 2017, 7:47pm
4
Hi,
If you can share your api definition too that would be great - then we can replicate easier
M.
Martin
January 29, 2017, 8:36pm
5
On further investigation this looks like a more serious bug, I’ve raised an issue in our backlog to track it:
opened 08:35PM - 29 Jan 17 UTC
closed 09:15AM - 31 Jan 17 UTC
bug
help wanted
**Do you want to request a *feature* or report a *bug*?**
bug
**What is the … current behavior?**
When accessing an API with a JWT, and context variables enabled, the context variables are only set the first time the JWT is received.
**What is the expected behavior?**
The JWT claims should always be processed and exposed.
**If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem**
1. Create a JWT enabled API
2. Add a header injector that includes one of the claims using the `$tyk_context.jwt_claims_*` namespace
3. Check the request headers after making 2 requests
**Which versions of Tyk affected by this issue? Did this work in previous versions of Tyk?**
v2.3.x
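The reproduction steps in the issue above, modelled offline as an added example (not Tyk's code and not part of the thread). The `gateway` type, its session cache and the `alwaysClaim` switch are assumptions standing in for the JWT middleware; `replay` reports which repeated requests reach the upstream with `$tyk_context.` still unexpanded.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Toy model of the reported behaviour, not Tyk's code. Assumption: the session
// for a JWT identity is cached, and claims reach the context only on a miss.
type gateway struct {
	sessions    map[string]bool // identity ("sub") -> session cached
	alwaysClaim bool            // false = reported bug, true = expected behaviour
}

var ctxVar = regexp.MustCompile(`\$tyk_context\.([A-Za-z0-9_]+)`)

// handle expands $tyk_context.* in rewriteTo for one request with these claims.
// Variables that were never set stay as literal text, as seen in the thread.
func (g *gateway) handle(claims map[string]string, rewriteTo string) string {
	ctx := map[string]string{}
	if !g.sessions[claims["sub"]] || g.alwaysClaim {
		for k, v := range claims {
			ctx["jwt_claims_"+k] = v
		}
	}
	g.sessions[claims["sub"]] = true
	return ctxVar.ReplaceAllStringFunc(rewriteTo, func(m string) string {
		if v, ok := ctx[strings.TrimPrefix(m, "$tyk_context.")]; ok {
			return v
		}
		return m
	})
}

// replay sends the same token n times and returns the 1-based numbers of the
// requests whose rewritten URL still contains an unexpanded placeholder.
func replay(g *gateway, n int) []int {
	claims := map[string]string{"sub": "enterprise-mock::bobby_1", "pol": "policyid"} // from the JWT in the thread
	var bad []int
	for i := 1; i <= n; i++ {
		if strings.Contains(g.handle(claims, "?sub=$tyk_context.jwt_claims_pol"), "$tyk_context.") {
			bad = append(bad, i)
		}
	}
	return bad
}

func main() {
	fmt.Println(replay(&gateway{sessions: map[string]bool{}}, 3), replay(&gateway{sessions: map[string]bool{}, alwaysClaim: true}, 3))
}
```

Against a real gateway the same check applies at the upstream: a request whose headers or query string still contain the literal `$tyk_context.` means the claim was not exposed for that request.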
Great, Here is the API definition and raw JWT JSON:
```
{
  "iss": "Trunomi",
  "aud": [
    "Trunomi",
    "enterprise-mock",
    "bobby_1"
  ],
  "jti": "d33bc950-e4f5-11e6-9119-9d4cc2e96baa",
  "pol": "policyid",
  "sub": "enterprise-mock::bobby_1",
  "iat": 1485565514,
  "exp": 1485567314
}
```
API Definition for a simple test API:
```
{
  "name": "Trunomi Example API",
  "api_id": "14db15b6-e4c7-11e6-bf01-fe55135034f3",
  "org_id": "Trunomi-Dev",
  "definition": {
    "location": "header",
    "key": "x-trunomi-version"
  },
  "use_keyless": false,
  "enable_jwt": true,
  "jwt_source": "Public KEY – I can give it to u privately if needed",
  "jwt_identity_base_field": "sub",
  "jwt_policy_field_name": "pol",
  "jwt_signing_method": "rsa",
  "auth": {
    "auth_header_name": "authorization"
  },
  "version_data": {
    "not_versioned": false,
    "versions": {
      "2016-02-28": {
        "name": "2016-02-28",
        "expires": "3000-01-02 15:04",
        "use_extended_paths": true,
        "extended_paths": {
          "ignored": [],
          "url_rewrites": [{
            "path": "example/test",
            "method": "GET",
            "match_pattern": "(.)/(. )",
            "rewrite_to": "?sub=$tyk_context.$jwt_claims_pol"
          }]
        }
      }
    }
  },
  "proxy": {
    "listen_path": "/example/test",
    "target_url": "http://dev.local.net:3050/test",
    "strip_listen_path": true
  },
  "do_not_track": false,
  "enable_context_vars": true
}
```
So then I assume I am hitting this because I am testing with the same JWT. I could just generate multiple for my tests and it would just work? Or is it for the same Public Key for verification?
Thanks, Kartik
Sorry for the delays in responses, had to run a few errands.
Thanks and appreciate the quick responses, great tech though!
In real use though this would be a major issue for sessions.
Looking at the JWT Middleware code; it looks like it could be pretty straightforward. A couple options:
I could attempt the fix, contribute back and use a custom build locally…
Create a custom JWT Middleware that works around it until it's fixed…
Thoughts?
I have submitted a pull request with this fix.
@Martin I am going to fork the Docker project so I can get the fix I pushed until official Docker image is updated to the release containing the fix.
Thanks.
Martin
February 9, 2017, 5:08am
14
The docker projects should all be updated with the latest release now