Rate limiting policy is not being applied dynamically using JWT scope claims mapping

avgk · April 27, 2022, 12:30pm

Hi, I am using a trial version of tyk cloud gateway. I have created an api using JWT authentication type. actially I want to rate limit dynamically on the basis of JWT policy claims. I have added two policy and mapped those policy in the API definition . but when I am trying to access the api tyk is not blocking the request as per the rate limit which i set in the policy. Any help would be really appreciated.

My steps are as follows:

created an API
chosen authentication as JWT
payload of my JWT as below
{
“sub”: “37577”,
“name”: “ratnesh”,
“iat”: 1516239022,
“policy”: “user1”
}
added 2 policy JWT policy1 and JWT policy2
set rate limit 5 per 60 sec for JWT policy1 and 10 per 60 sec for JWT policy2
mapped the JWT scope claims in API definition as
Claim name Policy name
user1 JWT policy1
user2 JWT policy2
I am generating the JWT tokens for both type of policy claims

Now, when I try to hit the API by passing these JWT token Rate limit is not working as expected. for continuous hits I am getting the response no blocking at all.

Olu · April 27, 2022, 4:16pm

Hello @avgk and thanks for trying out Tyk Cloud. Are you using the gateway / ingress / edge endpoint to test the JWT and rate limiting behaviour?

If not then kindly go through this thread to tag your API for shading. After that, make your API request using the ingress/edge endpoint and let us know how it goes.

By the way, welcome to the community.

avgk · April 28, 2022, 11:26am

Thanks @Olu for your response !!

I followed your suggestion and tagged my API shading and also using ingress URL now to access the API. Now rate limit policy are working fine but I am keep on getting 404 response when accessing the API from postman.

my service is running on localhost:8080. I have exposed the localhost using NGROK wherein i issue the command “ngrok http 8080”. While I’m trying to access the endpoint, I’m getting Status Code:404 (not found).

Olu · April 28, 2022, 1:31pm

Do you have access to the gateway logs?

If you are using Tyk OSS or Tyk Self-Managed, then you could enable debug mode on the gateway in the config file to see the debug logs. I have dropped a sample of a quick request I made

If you can see the logs then you want to be on the look out for the Outbound request URL to be sure there are no transformations going on.

avgk · April 28, 2022, 4:52pm

Hi @Olu I am new to tyk and just started exploring It. currently using tyk cloud trial version and I have windows 10 machine. from where I can get this tyk.config file?

avgk · April 29, 2022, 7:08am

Hi @Olu , I caught my mistake. now its working fine and getting the response properly. Thanks for your support !!

Olu · April 29, 2022, 8:43am

That’s Great! Thanks for the update. I am glad I could help.