JWT token + Policy

Hello folks,

I trying to set authentication via JWT using Policy but im getting this error:

time="Feb 25 12:22:43" level=warning msg="Key not found in storage engine" err="key not found" inbound-key="****3f0f" prefix=auth-mgr
time="Feb 25 12:22:43" level=warning msg="Key not found in storage engine" err="key not found" inbound-key="****3f0f" prefix=auth-mgr

but if i’m using policies i dont need to set a key, right?

On configuration file its like this:

  "policies": {
     "policy_source": "file",
     "policy_record_name": "/opt/tyk-gateway/policies/policies.json"
   },

and the file its in right folder.

root@43ea6dc3048c:/opt/tyk-gateway# ls policies/
policies.json

api file:

{
  "enable_context_vars": true,
  "name": "Simula Rota JWT",
  "api_id": "40",
  "org_id": "",
  "use_basic_auth": false,
  "use_keyless": false,
  "use_oauth2": false,
  "enable_jwt": true,
  "jwt_signing_method":"hmac",
  "jwt_source":"dHlrMTIz",
  "jwt_identity_base_field":"clientid",
  "jwt_policy_field_name": 123456789,
  "auth": {
     "auth_header_name": "Authorization" 
   },
  "version_data": {
  "not_versioned": true,
  "versions": {
      "Default": {
          "name": "Default",
          "expires": "3000-01-02 15:04",
          "use_extended_paths": true,
          "extended_paths": {
              "ignored": [],
              "white_list": [],
              "black_list": [],
              "cache": [
                  "get"
              ],
              "transform": []
          }
      }
  }
 },
 "proxy": {
  "listen_path": "/jwt/",
  "target_url": "http://httpbin.org",
  "strip_listen_path": true,
  "preserve_host_header": true
 },
 "custom_middleware": {
   "pre": [
      {
          "name": "bearerAuthMiddleware",
          "path": "middleware/bearerAuthMiddleware.js",
          "require_session": false
      }
    ]
 },
 "enable_batch_request_support": true
}

policy file

{
  "123456789": {
  "id":123456789,
  "access_rights": {
    "40": {
      "api_id": "40",
      "api_name": "Simula Rota JWT",
      "versions": [
        "Default"
      ]
    }
  },
 "active": true,
 "name": "Main Policy",
 "allowance":100,
 "rate": 100,
 "per": 1,
 "expires":-1,
 "org_id": ""
 }
}

curl Comando from Postman:

curl --location --request GET 'http://localhost:8080/jwt/get' \
      --header 'Authorization: Bearer  eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiTWFyY29zIE9sZWlybyIsImNsaWVudGlkIjoiMWEyYTNhNGE1YTZhN2E4YTlhMGEiLCJpYXQiOjE1MTYyMzkwMjIsInBvbCI6MTIzNDU2Nzg5fQ.JJktBquE5yn84og7Bl5-Om3R25m32P5i2roitJBiH-w' \
--header 'Content-Type: application/json' \
--header 'x-application-id: user1' 

How i created token (the secret is tyk123)

This is the request received on middleware:

{“AddParams”:{},“Body”:“”,“DeleteHeaders”:[],“DeleteParams”:[],“ExtendedParams”:{},“Headers”:{“Accept”:[“/”],“Accept-Encoding”:[“gzip, deflate, br”],“Authorization”:[“Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiTWFyY29zIE9sZWlybyIsImNsaWVudGlkIjoiMWEyYTNhNGE1YTZhN2E4YTlhMGEiLCJpYXQiOjE1MTYyMzkwMjIsInBvbCI6MTIzNDU2Nzg5fQ.JJktBquE5yn84og7Bl5-Om3R25m32P5i2roitJBiH-w”],“Connection”:[“keep-alive”],“Content-Type”:[“application/json”],“Host”:[“localhost:8080”],“Postman-Token”:[“38db5a89-c42b-40dc-810e-4024cbbbda17”],“User-Agent”:[“PostmanRuntime/7.26.10”],“X-Application-Id”:[“user1”]},“IgnoreBody”:false,“Method”:“GET”,“Params”:{},“RequestURI”:“/jwt/get”,“ReturnOverrides”:{“OverrideError”:false,“ResponseBody”:“”,“ResponseCode”:0,“ResponseError”:“”,“ResponseHeaders”:null},“Scheme”:“http”,“SetHeaders”:{},“URL”:“/jwt/get”}" prefix=jsvm type=log-msg

Thanks in advance

Hello @Marcos-Oleiro

So one you create the policy, do you create a key under that policy?

Furthermore, at what point do you get the error? Do you get it when trying to access the API with JWT token or when you try to create a key under the policy?

Hello

Sorry for the late reply, busy with another things.

How do i create a key for the policy using community edition?
I got this erro when i tried to access the API with a JWT token.

Hello @Marcos-Oleiro,

You can visit our documentation for that Tyk Gateway API.

If you look under the Keys sections you will be able to create a key using the POST method.

There’s no way i can do this when i start my container? Like i do with my apí’s and middlewares.

@Marcos-Oleiro it is possible. You can create shell script loops a curl command on /hello endpoint on your gateway to check when the gateway comes up or something like wait-for-it.sh to verify when the gateway is up. Once the gateway is up you can use curl to complete this API call which would create the key for you. Keys are not saved as files like the APIs they are stored in redis.

1 Like

Got it, thanks @zaid, i’ll try to make these things.

1 Like

@zaid do i need to set key to a policy when i’m using tyk pro too? How do i do this?

@Marcos-Oleiro when you create a key you can choose to create it by applying a policy to it or by choosing a specific list of APIs for it, the choice is yours, but you do have to choose one of those options.

Here is a screen shot of the settings on Tyk Pro

@zaid but i need to create?

@Marcos-Oleiro you do not need a policy to create a key. All you need is an API