-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot use context variable claims to access some JWT token payload claims(e.g iat and exp) #1567
Comments
#1563 adds support for all token header claims, in a similar way as body claims. Scheduled to be release in 2.5.4 next week. |
@buger the case here for iat and exp is not from the header claims, they are from payload(body) claims. |
Hm, it can be a different bug then, maybe its because this fields are numeric, and rest are strings. Can you verify this theory and check if you can access "iss" and "aud" in addition to "sub"? |
@buger You are right, I can access "iss" and "aud". |
@buger Can you help to re-open this bug and fix it? |
If you have a number in the “aud” does it work? |
@letzya When I give a number for "aud", there is error log in the console "JWT Invalid: Validation error. Validation error. Invalid Audiences type: float64" and response "Key not authorised" to the request. I try to add other number fields ("aud2"/"aud3"), neither can access their values, so I think it is caused by the number type issue just as @buger mentioned. |
Do you want to request a feature or report a bug?
bug
What is the current behavior?
I am using OIDC, with JWT to access api. After api call passed the auth, tyk_gateway cannot extract some token claims in token payload. eg. iat and exp in my token. While some other claims can be extracted. e.g. sub
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImkxMjM0NTY3ODAxIn0.eyJpc3MiOiJodHRwOi8vaWRwLXVhdC5pZnVuZC5jb20uaGsvIiwic3ViIjoiaTEyMzQ1Njc4MDEiLCJpYXQiOjE1MjE3OTM1MDcsImV4cCI6MTUzMTc5MzUwOCwiYXVkIjoiYjJiIn0.YOPiT4KHcRnwS6ZTtKutPsrRkSLRL_FtWYRE9vgDH-B_TQPABo4zophUvMV2wMZfESK_4KqsLKtLKz7dSM_yFmni66Ij9aUEs4991hc0u88OsXR6x5u35CWCmOnhXWFq2GMQZT79_QWC2Czr_lG0pUsbChWZKE6kLdSgQJEmfDB8IJqmyd9TGQvAn8HUPMtX3khusMXFf3AqSuU5YCvkPWS0MVzXpibCxSd0uVbRzRV-LrV4h5xf3FbCL7bXsLfXumYibtQDgFd4yPhsSM9rbJjO9ogrUPFy4rwwbvIiFcAMordOQb9iEeZgxuiPlkjVCvX7EnTEP9435eVbjcWFpVFcFDGyUZF56iozqP27I7XwINjAm5PBFM7FieayI9i5T_RU-dpFbqYoTwvQj-XNxRxYC9kH4qaebCRHGVcUGtiYMG9biG3Z7Obt1ym2FuM1oND9mLpCFxaC4j587iXRyycSzACpktLTlqFJoJYINLgS27JDRJ8fSjsj6Wp8-oW7mn1kERg2G0P4o83vONV6Vk-wxhkAQZVnUldsUNOPLEfxFB8V8oqUrAhogmi0uCAqWtbpUY6sdgnjHIaxG0rUvhgeEjVSBWI8Wz75MBGTSfQs7atS7EKUsf-kc8532MpQzGbkPQAROIXa6RUu2UHu7W2QUUxMcSpwtkoCTUsdM7I
As can be find in doc, jwt_claims_CLAIMNAME - If JWT tokens are being used, then each claim in the JWT is available in this format to the context processor., seems like not all claims are parsed.
What is the expected behavior?
Can access all the token payload claims from context variable. e.g. iat and exp
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem
Create OIDC auth api, log the output from jwt_claims_TOKEN_HEADER_CLAIM.
Which versions of Tyk affected by this issue? Did this work in previous versions of Tyk?
tyk v2.5.3
The text was updated successfully, but these errors were encountered: