PUT /_node/{node-name}/_config/jwt_keys/{key} does not accept valid key #5091
Comments
.... aaaaand once submitted the ticket, the solution presented itself:
WRONG
curl --request PUT 'http://localhost:5984/_node/nonode@nohost/_config/jwt_keys/rsa:S1-oBDEUlMfN-FP5EeG6UcaKdeCs01_dx5AIw-SogiQ' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \
--data '"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9SJFyVWvBonL3K+giuzeQ4Vp1bH9ftu\nzjrtLMMBUWESQEMXsml7s58/8UOWQ40j71eu+63sLvCnLhcP9jmKI8vwofkMo91ulZn2ntKTsawJ\nmnrR7k1W5okbLlnwYq1KN3SRcjeHYa3JruoDmHHW9dO5dAGu09ookgWxYr2K1jXT1+L1NFOfBXqs\njFqr3a+ArMOg5POcg9I6lI9kmi8aOJgTfRydJbuUC8vtgc7rdHY4g7IdGlOM+LWdor23P16vzfVK\nGNDNbi072S0vzkt+Q/WLb9UuQi64wB3LxVLDfUKNg2OGJ6/ju1bZX+Fo02hG6lkMa2BO3CwmirGR\nLiWb4wIDAQAB\n-----END PUBLIC KEY-----\n"'
Right
curl --request PUT 'http://localhost:5984/_node/nonode@nohost/_config/jwt_keys/rsa:S1-oBDEUlMfN-FP5EeG6UcaKdeCs01_dx5AIw-SogiQ' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \
--data '"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9SJFyVWvBonL3K+giuzeQ4Vp1bH9ftu\\nzjrtLMMBUWESQEMXsml7s58/8UOWQ40j71eu+63sLvCnLhcP9jmKI8vwofkMo91ulZn2ntKTsawJ\\nmnrR7k1W5okbLlnwYq1KN3SRcjeHYa3JruoDmHHW9dO5dAGu09ookgWxYr2K1jXT1+L1NFOfBXqs\\njFqr3a+ArMOg5POcg9I6lI9kmi8aOJgTfRydJbuUC8vtgc7rdHY4g7IdGlOM+LWdor23P16vzfVK\\nGNDNbi072S0vzkt+Q/WLb9UuQi64wB3LxVLDfUKNg2OGJ6/ju1bZX+Fo02hG6lkMa2BO3CwmirGR\\nLiWb4wIDAQAB\\n-----END PUBLIC KEY-----\\n"'
http treats |
Glad you figured it out. To confirm, this is your shell converting the |
Description
While trying to programmatically set up JWT authentication with a key derived from a JWKS key, the update using
PUT /_node/{node-name}/_config/jwt_keys/{key}
fails with an error (see reproducer) when a valid key is provided, but works for arbitrary strings
Steps to Reproduce
The reproducer uses a local container couch with admin/password and no persistence configured, so it can easily be reproduced repeatedly.
step 1: create temp couchDB instance
step 2: create _user, replicator to silence the "_user" is missing in the log (works)
both complete with HTTP 201
{"ok":true}
step 3: update the authentication methods
Ends with HTTP 200 and
""
(seems to be the old value)
step 4a: check current jwt_keys configuration
Ends with http 200 and
{}
(as expected)
step 4b: Add JWT key (that one fails)
Ends with http 400,
{"error":"bad_request","reason":"Invalid configuration value"}
and no entry in jwt_keys created
Expected Behaviour
End with http 20x and creation of jwt_key entry:
to result in
additional test conducted
then restart couchdb, JWT auth works like a charm
Your Environment
Additional Context
The public key is derived from a jwks entry found here and converted using this project with the goal to allow automatic updates when IdP keys change
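Added example (not part of the issue and not CouchDB code): for the automatic-update goal described above, this builds the request body from a PEM string so that it matches the "Right" command, and shows what a JSON parser recovers from the "WRONG" form. The function names and the sample key are assumptions constructed for illustration.

```python
import json
from urllib.parse import quote

# Constructed sample, not a real key: the base64 lines are placeholders.
SAMPLE_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=\n"
    "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXo=\n"
    "-----END PUBLIC KEY-----\n"
)

def single_line_value(pem: str) -> str:
    """Join the PEM lines with the two characters backslash + n (no real newlines)."""
    lines = [ln.strip() for ln in pem.splitlines() if ln.strip()]
    ok = len(lines) >= 3 and lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")
    if not ok:
        raise ValueError("input is not a PEM block")
    return "".join(ln + "\\n" for ln in lines)

def decoded_value(body: str) -> str:
    """The string a JSON parser recovers from a request body."""
    return json.loads(body)

def has_line_breaks(body: str) -> bool:
    """True if the decoded value spans several lines, as in the WRONG command."""
    return any(c in decoded_value(body) for c in "\r\n")

def request_body(pem: str) -> str:
    """JSON body for the PUT; json.dumps doubles each backslash, as in the Right command."""
    body = json.dumps(single_line_value(pem))
    if has_line_breaks(body):
        raise ValueError("decoded value would contain a real line break")
    return body

def config_path(node: str, kid: str) -> str:
    """Path of the config endpoint from the issue title, with an rsa:<kid> key."""
    return f"/_node/{quote(node, safe='@')}/_config/jwt_keys/{quote('rsa:' + kid, safe=':')}"

if __name__ == "__main__":
    wrong = json.dumps(SAMPLE_PEM)    # \n in the JSON, like the WRONG command
    right = request_body(SAMPLE_PEM)  # \\n in the JSON, like the Right command
    print("wrong body decodes to multiple lines:", has_line_breaks(wrong))
    print("right body decodes to multiple lines:", has_line_breaks(right))
    print("PUT", config_path("nonode@nohost", "example-kid"))
    print(right)
```
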