Branch/Environment/Version
- Branch/Version: v4.0.0
- Environment: Hybrid
Describe the bug
no update Access right for key using jwt
Reproduction steps
Steps to reproduce the behaviour:
- Add api test1: enable jwt, jwt_default_policies is “defautl”
- create policy default with no “access_rights” to using all API
- create policy pol1 with “access_rights” to access test1
Actual behaviour
Create jwt token with pol1, using it → success
Create jwt token no policy and same userId → “error”: “Access to this API has been disallowed”
Expected behaviour
I think it can access all API which default policy
Screenshots/Video
If applicable, add screenshots or video to help explain your problem.
Logs (debug mode or log file):
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“level”:“debug”,“msg”:“Started”,“mw”:“VersionCheck”,“org_id”:“default”,"orig
in":“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”,“ts”:1683170735700554637}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“code”:200,“level”:“debug”,“msg”:“Finished”,“mw”:“VersionCheck”,“ns”:724600,
“org_id”:“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“level”:“debug”,“msg”:“Started”,“mw”:“RateCheckMW”,“org_id”:“default”,"origi
n":“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”,“ts”:1683170735702046237}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“code”:200,“level”:“debug”,“msg”:“Finished”,“mw”:“RateCheckMW”,“ns”:1303500,
“org_id”:“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“level”:“debug”,“msg”:“Started”,“mw”:“JWTMiddleware”,“org_id”:“default”,"ori
gin":“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”,“ts”:1683170735704304037}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“level”:“debug”,“msg”:“JWT authority is centralised”,“mw”:“JWTMiddleware”,"o
rg_id":“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“level”:“debug”,“msg”:“Found User Id in Base Field”,“mw”:“JWTMiddleware”,"or
g_id":“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”,“userId”:“hlinh99”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“level”:“debug”,“msg”:"JWT Temporary session ID is: default1ad6cc9574d7ae7c5
411d9a151bc0c03",“mw”:“JWTMiddleware”,“org_id”:“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“level”:“debug”,“msg”:“Querying local cache”,“mw”:“JWTMiddleware”,“org_id”:"
default",“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“level”:“debug”,“msg”:“Querying keystore”,“mw”:“JWTMiddleware”,“org_id”:"def
ault",“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“level”:“debug”,“msg”:“Got key”,“mw”:“JWTMiddleware”,“org_id”:“default”,"ori
gin":“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“level”:“debug”,“msg”:"Could not identify a policy to apply to this token fr
om field: pid",“mw”:“JWTMiddleware”,“org_id”:“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“level”:“debug”,“msg”:“Key found”,“mw”:“JWTMiddleware”,“org_id”:“default”,"o
rigin":“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“code”:200,“level”:“debug”,“msg”:“Finished”,“mw”:“JWTMiddleware”,“ns”:575739
99,“org_id”:“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“key”:“****0c03”,“level”:“debug”,“msg”:“Started”,“mw”:“KeyExpired”,“org_id”:
“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”,“ts”:1683170735765694435}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“code”:200,“key”:“****0c03”,“level”:“debug”,“msg”:“Finished”,“mw”:"KeyExpire
d",“ns”:1572400,“org_id”:“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“key”:“****0c03”,“level”:“debug”,“msg”:“Started”,“mw”:“AccessRightsCheck”,"o
rg_id":“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”,“ts”:1683170735772628335}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“key”:“****0c03”,“level”:“info”,“msg”:“Attempted access to unauthorised API”
,“mw”:“AccessRightsCheck”,“org_id”:“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:“2023-05-04T10:25:35+07:00”}
{“level”:“debug”,“msg”:“Attempting to write analytics records…”,“time”:“2023-05-04T10:25:35+07:00”}
{“level”:“info”,“msg”:“Purged analytics records…”,“time”:“2023-05-04T10:25:35+07:00”}
{“api_id”:“63297b48e97c40734f9fdb92”,“api_name”:“test6”,“code”:403,“error”:“Access to this API has been disallowed”,“key”:“****0c03”
,“level”:“debug”,“msg”:“Finished”,“mw”:“AccessRightsCheck”,“ns”:8150800,“org_id”:“default”,“origin”:“172.20.16.1”,“path”:“/test/”,“time”:"2023-05-04T10:25:3
5+07:00"}
Configuration (tyk config file):
{
“hostname”: “”,
“listen_address”: “”,
“listen_port”: 8080,
“control_api_hostname”: “”,
“control_api_port”: 0,
“secret”: “352d20ee67be67f6340b4c0605b044b7”,
“node_secret”: “”,
“pid_file_location”: “”,
“allow_insecure_configs”: false,
“public_key_path”: “”,
“allow_remote_config”: false,
“security”: {
“private_certificate_encoding_secret”: “”,
“control_api_use_mutual_tls”: false,
“pinned_public_keys”: null,
“certificates”: {
“apis”: null,
“upstream”: null,
“control_api”: null,
“dashboard_api”: null,
“mdcb_api”: null
}
},
“http_server_options”: {
“read_timeout”: 0,
“write_timeout”: 0,
“use_ssl”: false,
“use_ssl_le”: false,
“enable_http2”: true,
“ssl_insecure_skip_verify”: false,
“enable_websockets”: true,
“certificates”: [
{
“cert_file”: “/opt/idg-api-gateway/ssl-file/cert.cert”,
“key_file”: “/opt/idg-api-gateway/ssl-file/cert.key”
}
],
“ssl_certificates”: null,
“server_name”: “”,
“min_version”: 0,
“max_version”: 0,
“flush_interval”: 0,
“skip_url_cleaning”: false,
“skip_target_path_escaping”: false,
“ssl_ciphers”: null
},
“version_header”: “”,
“suppress_redis_signal_reload”: true,
“hash_keys”: false,
“hash_key_function”: “”,
“hash_key_function_fallback”: null,
“enable_hashed_keys_listing”: false,
“min_token_length”: 0,
“template_path”: “templates”,
“policies”: {
“policy_source”: “file”,
“policy_connection_string”: “”,
“policy_record_name”: “./policies/default.json”,
“allow_explicit_policy_id”: false
},
“ports_whitelist”: null,
“disable_ports_whitelist”: false,
“app_path”: “apps/”,
“use_db_app_configs”: false,
“db_app_conf_options”: {
“connection_string”: “”,
“node_is_segmented”: false,
“tags”: null
},
“storage”: {
“type”: “redis”,
“addrs”: [
“...:*”
],
"username": "*",
"password": "******",
"database": 0,
"optimisation_max_idle": 100,
"optimisation_max_active": 0,
"timeout": 0,
"enable_cluster": true,
"use_ssl": false,
"ssl_insecure_skip_verify": false
},
"disable_dashboard_zeroconf": false,
"slave_options": {
"use_rpc": false,
"use_ssl": false,
"ssl_insecure_skip_verify": false,
"connection_string": "",
"rpc_key": "",
"api_key": "",
"enable_rpc_cache": false,
"bind_to_slugs": false,
"disable_keyspace_sync": false,
"group_id": "",
"call_timeout": 0,
"ping_timeout": 0,
"rpc_pool_size": 0,
"key_space_sync_interval": 0
},
"management_node": false,
"auth_override": {
"force_auth_provider": false,
"auth_provider": {
"name": "",
"storage_engine": "",
"meta": null
},
"force_session_provider": false,
"session_provider": {
"name": "",
"storage_engine": "",
"meta": null
}
},
"enable_redis_rolling_limiter": true,
"enable_sentinel_rate_limiter": false,
"enable_non_transactional_rate_limiter": false,
"drl_notification_frequency": 0,
"drl_threshold": 0,
"drl_enable_sentinel_rate_limiter": false,
"enforce_org_data_age": false,
"enforce_org_data_detail_logging": false,
"enforce_org_quotas": false,
"experimental_process_org_off_thread": false,
"monitor": {
"enable_trigger_monitors": false,
"configuration": {
"method": "",
"target_path": "",
"template_path": "",
"header_map": null,
"event_timeout": 0
},
"global_trigger_limit": 0,
"monitor_user_keys": false,
"monitor_org_keys": false
},
"max_idle_connections": 0,
"max_idle_connections_per_host": 0,
"max_conn_time": 0,
"close_connections": false,
"enable_custom_domains": false,
"allow_master_keys": false,
"service_discovery": {
"default_cache_timeout": 0
},
"proxy_ssl_insecure_skip_verify": false,
"proxy_enable_http2": false,
"proxy_ssl_min_version": 0,
"proxy_ssl_max_version": 0,
"proxy_ssl_ciphers": null,
"proxy_default_timeout": 0,
"proxy_ssl_disable_renegotiation": false,
"proxy_close_connections": false,
"uptime_tests": {
"disable": false,
"poller_group": "",
"config": {
"failure_trigger_sample_size": 0,
"time_wait": 0,
"checker_pool_size": 0,
"enable_uptime_analytics": true
}
},
"health_check": {
"enable_health_checks": false,
"health_check_value_timeouts": 0
},
"health_check_endpoint_name": "",
"oauth_refresh_token_expire": 0,
"oauth_token_expire": 0,
"oauth_token_expired_retain_period": 0,
"oauth_redirect_uri_separator": "",
"oauth_error_status_code": 0,
"enable_key_logging": false,
"ssl_force_common_name_check": false,
"enable_analytics": true,
"analytics_config": {
"type": "",
"ignored_ips": [],
"enable_detailed_recording": false,
"enable_geo_ip": false,
"geo_ip_db_path": "",
"normalise_urls": {
"enabled": false,
"normalise_uuids": false,
"normalise_numbers": false,
"custom_patterns": null
},
"pool_size": 0,
"records_buffer_size": 0,
"storage_expiration_time": 0,
"enable_multiple_analytics_keys": false,
"purge_interval": 0
},
"enable_separate_analytics_store": false,
"analytics_storage": {
"type": "redis",
"addrs": [
"10.168.3.48:31836",
"10.168.3.49:31258",
"10.168.3.55:30167",
"10.168.3.49:31486",
"10.168.3.48:30618",
"10.168.3.55:31640"
],
"username": "lBspyDLPvyk=",
"password": "xZGWU/onqypU9A5F2Meung==",
"database": 0,
"optimisation_max_idle": 100,
"optimisation_max_active": 0,
"timeout": 0,
"enable_cluster": true,
"use_ssl": false,
"ssl_insecure_skip_verify": false
},
"liveness_check": {
"check_duration": 0
},
"dns_cache": {
"enabled": false,
"ttl": 3600,
"multiple_ips_handle_strategy": "no_cache"
},
"disable_regexp_cache": false,
"regexp_cache_expire": 0,
"local_session_cache": {
"disable_cached_session_state": false,
"cached_session_timeout": 0,
"cached_session_eviction": 0
},
"enable_separate_cache_store": false,
"cache_storage": {
"type": "redis",
"addrs": [
"10.168.3.48:31836",
"10.168.3.49:31258",
"10.168.3.55:30167",
"10.168.3.49:31486",
"10.168.3.48:30618",
"10.168.3.55:31640"
],
"username": "lBspyDLPvyk=",
"password": "xZGWU/onqypU9A5F2Meung==",
"database": 0,
"optimisation_max_idle": 100,
"optimisation_max_active": 0,
"timeout": 0,
"enable_cluster": true,
"use_ssl": false,
"ssl_insecure_skip_verify": false
},
"enable_bundle_downloader": false,
"bundle_base_url": "",
"bundle_insecure_skip_verify": false,
"enable_jsvm": false,
"jsvm_timeout": 0,
"disable_virtual_path_blobs": false,
"tyk_js_path": "",
"middleware_path": "middleware",
"coprocess_options": {
"enable_coprocess": true,
"coprocess_grpc_server": "tcp://127.0.0.1:5555",
"grpc_recv_max_size": 100000000,
"grpc_send_max_size": 100000000,
"python_path_prefix": "",
"python_version": ""
},
"ignore_endpoint_case": false,
"ignore_canonical_mime_header_key": true,
"log_level": "debug",
"tracing": {
"name": "",
"enabled": false,
"options": null
},
"newrelic": {
"app_name": "",
"license_key": ""
},
"enable_http_profiler": false,
"use_redis_log": false,
"use_sentry": false,
"sentry_code": "",
"sentry_log_level": "",
"use_syslog": false,
"syslog_transport": "",
"syslog_network_addr": "",
"use_graylog": false,
"graylog_network_addr": "",
"use_logstash": false,
"logstash_transport": "",
"logstash_network_addr": "",
"track_404_logs": false,
"statsd_connection_string": "",
"statsd_prefix": "",
"event_handlers": {
"events": null
},
"event_trigers_defunct": null,
"event_triggers_defunct": null,
"hide_generator_header": false,
"suppress_default_org_store": false,
"legacy_enable_allowance_countdown": false,
"force_global_session_lifetime": false,
"global_session_lifetime": 0,
"kv": {
"consul": {
"address": "",
"scheme": "",
"datacenter": "",
"http_auth": {
"username": "",
"password": ""
},
"wait_time": 0,
"token": "",
"tls_config": {
"address": "",
"ca_file": "",
"ca_path": "",
"cert_file": "",
"key_file": "",
"insecure_skip_verify": false
}
},
"vault": {
"address": "",
"agent_address": "",
"max_retries": 0,
"timeout": 0,
"token": "",
"kv_version": 0
}
},
"secrets": null,
"override_messages": null,
"cloud": false,
"jwt_ssl_insecure_skip_verify": false
}
Additional context
Add any other context about the problem here.
