Access token invalid when we have JWT and Oauth2 plugins within an API #1628

Closed

stephennyu opened this issue Sep 14, 2016 · 9 comments

@stephennyu

Summary

Well, I have just run into a problem: I have an API and installed two plugins on it, the JWT and OAuth2 plugins. Then, when I try to access the API using a JWT credential, I get an error message like this.

{"error_description":"The access token is invalid or has expired","error":"invalid_token"}

But when I remove the Oauth2 plugin from my API, everything works well.

Steps To Reproduce

  1. Add an API
  2. Install JWT plugin
  3. Install Oauth2 plugin
  4. Access the API via localhost:8000/{api} -H 'Authorization: Bearer {jwt-token}', and I get this error message:
    {"error_description":"The access token is invalid or has expired","error":"invalid_token"}

Additional Details & Logs

  • Kong version 0.9.1
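The token that step 4 sends, as an added example in Python (not the reporter's code and not Kong's): it mints an HS256 JWT whose `iss` claim is the consumer credential's `key`, signed with the credential's `secret`, and verifies it the way the JWT plugin does (look the secret up by `iss`, check the signature). The credential values are constructed, and the exact check order and the `exp` check are assumptions, not taken from the issue. Producing a valid JWT this way does not help on an API that also carries the OAuth2 plugin, which is the point of the thread.

```python
"""Mint and verify an HS256 JWT in the shape Kong's JWT plugin expects.

Added example, not part of the issue or of Kong. Assumptions:
  - the consumer's jwt credential has a `key` (carried in the `iss` claim)
    and a `secret` (used to sign), and the plugin finds the secret via `iss`;
  - HS256 signing (the plugin's default algorithm);
  - the `exp` claim is checked (in Kong that depends on configuration).
Standard library only, so it runs offline.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional

# Constructed sample: maps a credential `key` to its `secret`, standing in for
# the consumer jwt credentials stored in Kong.
CREDENTIALS: Dict[str, str] = {
    "a36c3049b36249a3c9f8891cb127243c": "e71829c351aa4242c2719cbfbe671c09",
}


def _b64url(data: bytes) -> str:
    """Base64url without padding, as the JWT spec requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url; re-adds the padding stripped above."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(key: str, secret: str, ttl: int = 300, now: Optional[int] = None) -> str:
    """Build header.payload.signature with iss=key, signed HS256 with secret."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256"}
    payload = {"iss": key, "iat": now, "exp": now + ttl}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, credentials: Dict[str, str], now: Optional[int] = None) -> dict:
    """Return the claims if the token is acceptable, else raise ValueError.

    Order: structure, algorithm, issuer lookup, signature, expiry.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    secret = credentials.get(payload.get("iss"))
    if secret is None:
        raise ValueError("no credential for iss")
    expected = hmac.new(
        secret.encode(), f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256
    ).digest()
    # Constant-time comparison so signature checking does not leak timing.
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    return payload


def bearer_token(headers: Dict[str, str]) -> Optional[str]:
    """Pull the token out of 'Authorization: Bearer <jwt>', as in step 4."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return token.strip() if scheme.lower() == "bearer" and token.strip() else None


if __name__ == "__main__":
    key = next(iter(CREDENTIALS))
    token = make_jwt(key, CREDENTIALS[key])
    print("curl localhost:8000/{api} -H 'Authorization: Bearer %s'" % token)
    print(verify_jwt(token, CREDENTIALS))
```

Run it to get a bearer token for the curl in step 4; the `__main__` block prints the header value and the verified claims.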
@stephennyu
Author

Note: Previously, I used Kong version 0.8.3 and had no issue.

@subnetmarco
Member

subnetmarco commented Sep 14, 2016

> Access API via localhost:8000/{api} -H 'Authorization: Bearer {jwt-token}', and I got this error message {"error_description":"The access token is invalid or has expired","error":"invalid_token"}

Are you passing the OAuth2 access token too?

@stephennyu
Author

@thefosk Nope. I pass only the token generated from the JWT secret and key to the API.

@subnetmarco
Member

@stephennyu if you also have OAuth 2.0 installed on the API, the plugin should also expect an access token in the request. What kind of use-case are you trying to implement?

@stephennyu
Author

I'm implementing a use case in which an API can be accessed through several methods, such as JWT and OAuth2. I will use JWT for internal app access, such as a front end or mobile app, and OAuth2 for third-party / partner apps.

Note that I had no problem when I was using Kong version 0.8.3. This problem arises only since I upgraded to version 0.9.1.

@subnetmarco
Member

@stephennyu As far as I know, multiple authentications are not supported, so it may very well be a bug that has been fixed in 0.9.x (related to #590). I would expect the OAuth 2.0 plugin to always validate an access token and make sure it's being sent.

Just to double-check, can you also append a valid access token to the request and see if it works?

@stephennyu
Author

@thefosk Tested, and yes, we should append an access token. I think I'm now pretty clear on how it works here.
Thanks

@SyedSulaimanM

@stephennyu I am facing the same issue now. Can you please let me know how you appended the access_token along with the JWT token?

@stephennyu
Author

@SyedSulaimanM you can't do so. You need to have another API to handle that.
