Hello,
I’ve been able to get JWT authentication in Tyk working using an HMAC secret. However, I want to use RSA encryption ideally.
I am working with the latest version of Tyk Community Edition on Ubuntu 22.04.
I generated an RSA keypair as follows:
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
then to get the public key in the correct format:
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
I then base64 encoded the private key:
cat jwtRS256.key | base64 -w 0
and added:
"jwt_signing_method": "rsa",
"jwt_source": "...{base64 encoded private key}"
to my API definition.
I then generated a JWT with the correct policy ID set at https://jwt.io using the RS256 algorithm option. This is encoded correctly on that site and the signature is verified.
However, when I try to authenticate in Tyk I get the following errors in the log:
Mar 24 15:25:15 vmi1225482 tyk[502]: time="Mar 24 15:25:15" level=info msg="Attempted JWT access with non-existent key." api_id=1 api_name=image-operations-api mw=JWTMiddleware org_id=1 origin=x.x.x.x path="/images/images"
Mar 24 15:25:15 vmi1225482 tyk[502]: time="Mar 24 15:25:15" level=error msg="JWT validation error" api_id=1 api_name=image-operations-api error="Failed to decode JWT key" mw=JWTMiddleware org_id=1 origin=x.x.x.x path="/images/images"
What am I doing wrong? If someone could help me to get the correct procedure for making RSA-based JWT authentication working, I’d be grateful.
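An added example, not part of the original post and not Tyk's code: RS256 tokens are signed with the private key and verified with the public key alone, so this sketch checks which of the two base64 blobs from the steps above a verifier can load as an RSA public key. It assumes the value a gateway needs in "jwt_source" is the base64 of the public PEM (jwtRS256.key.pub); Blobs, LoadVerifierKey and Verifies are hypothetical names, and the key pair is generated in-process.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
)

// Blobs builds a constructed demo key and returns base64(private PEM) and base64(public PEM).
func Blobs() (*rsa.PrivateKey, string, string) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // errors ignored: throwaway demo key
	der, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	priv := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	pub := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
	return key, base64.StdEncoding.EncodeToString(priv), base64.StdEncoding.EncodeToString(pub)
}

// LoadVerifierKey (hypothetical) accepts only base64 of a PEM "PUBLIC KEY" block holding an RSA key.
func LoadVerifierKey(b64 string) (*rsa.PublicKey, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	block, _ := pem.Decode(raw)
	if err != nil || block == nil || block.Type != "PUBLIC KEY" {
		return nil, fmt.Errorf("value is not base64 of a PEM public key")
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if rsaPub, ok := pub.(*rsa.PublicKey); err == nil && ok {
		return rsaPub, nil
	}
	return nil, fmt.Errorf("not an RSA public key")
}

// Verifies signs a constructed JWT signing input with key (RS256) and checks it with pub only.
func Verifies(key *rsa.PrivateKey, pub *rsa.PublicKey) bool {
	sum := sha256.Sum256([]byte("eyJhbGciOiJSUzI1NiJ9.eyJwb2wiOiJkZW1vIn0"))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return err == nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) == nil
}

func main() {
	key, privB64, pubB64 := Blobs()
	_, err := LoadVerifierKey(privB64)
	pub, _ := LoadVerifierKey(pubB64)
	fmt.Println("private blob:", err, "| public blob verifies:", Verifies(key, pub))
}
```

Keeping the private key out of the API definition also means that only the holder of jwtRS256.key can mint tokens.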