Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Gijsbert van den Brink
    @gijsbert802
    Hi, version.sbt says 0.4.2, but the latest version available in repositories is 0.4.1. Why is 0.4.2 is not available, has it not been released yet?
    Jason Goodwin
    @jasongoodwin
    hey, sorry for the slow reply
    Ya I didn't release 0.4.2 apparently. 0.4.2 doesn't have very significant changes in it. I'm nearing a major release (1.0.0) w/ RSA SHA algorithms, explicit verifier requirement etc.
    I have a few more ideas that I'd like to implement and maybe es - I'll release it in feb likely?
    Do you have anything you needed in from 0.4.2? I can release it in the interim.
    Gijsbert van den Brink
    @gijsbert802
    Well, 0.4.1 uses json4s 3.2.10 and I ran into binary compatibility issues when I upgraded json4s in my own project to 3.3.0. 0.4.2 would solve that. If you could release it that would be great.
    Daniela Sfregola
    @DanielaSfregola
    Hi Jason, I am upgrading from version 0.4.1 to 0.4.4 but I am experiencing issues.
    I have a test that checks the creation and decoding of a jwt token
    the code compiles but the behaviour is changed
    I had a look at the code but I cannot spot what changed.
    The way I generate the token is as following:
        val header = JwtHeader("HS256")
        val claimsSet = JwtClaimsSet(payload)
        val jwt = AuthentikatJsonWebToken(header, claimsSet, jwtSecret)
    with
        val payload = Map("foo" -> "bar")
        val jwtSecret = "foosecret"
    with version 0.4.1 the generated token is eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.VhZeM_o2-FV92EKLURZpHO13gjkj04It3i38mrDmc48 (correct!)
    while with version 0.4.4 the generated token is W3siYWxnIjoiSFMyNTYifSx7InR5cCI6IkpXVCJ9XQ.eyJmb28iOiJiYXIifQ.NRYPzqhsPlVn9BA8XicHhyCPQfQnv-Nv9neqGIXeOCw
    Daniela Sfregola
    @DanielaSfregola
    ....could you please suggest what I am doing wrong? thanks!
    Daniela Sfregola
    @DanielaSfregola

    apparently the header encoding is wrong:

    [
      {
        "alg": "HS256"
      },
      {
        "typ": "JWT"
      }
    ]

    instead of

      {
        "alg": "HS256",
        "typ": "JWT"
      }
    Daniela Sfregola
    @DanielaSfregola
    created an issue jasongoodwin/authentikat-jwt#30
    ....and also proposed a solution
    Daniela Sfregola
    @DanielaSfregola
    @jasongoodwin any update on that ticket?
    Jason Goodwin
    @jasongoodwin
    Hey sorry guys - I have published 0.4.5
    It corrects a security vulnerability as well as being published for newer versions of scala
    let me know if you have any issues - thanks for hanging in.
    Daniela Sfregola
    @DanielaSfregola
    thanks @jasongoodwin I'll try it out now!
    Daniela Sfregola
    @DanielaSfregola
    @jasongoodwin I can confirm it works! Only thing: Sometimes Map[String, Any] doesn't know how to serialise things. For example, if in your payload you have a UUID
    Not a big deal, I just had to convert all uuid to string manually
    -- I guess it makes sense with the new design of the library
    karunaker reddy
    @karunakerreddyv
    I have separate Authentication app built with Jhipster and I want to share JWT token among multiple subdomains (multiple UI apps hosted under x.xyz.com, y.xyz.com, z.xyz.com). How can I share JWT token from authentication app to other apps
    Jason Goodwin
    @jasongoodwin
    I'm not sure that there is anything special to do. You can pass the tokens around in http headers for example.
    Jason Goodwin
    @jasongoodwin
    You might want to specify originating details in the claims if it's relevant to your problem space
    Ankoud Hamdi
    @hamdiank
    "Response for preflight has invalid HTTP status code 401" i got this error when i sent the token with the request and i think the Authorization Custom Token Header not being included in HTTP API request ,, some help please !!!!
    Jason Goodwin
    @jasongoodwin
    Sent it where?
    did you look at the contents of the token?
    Jason Goodwin
    @jasongoodwin
    They are base64 encoded so just take the first and middle sections and decode them
    or use of the token verification tools
    Ankoud Hamdi
    @hamdiank
    @jasongoodwin i want to sent it to my backend (spring boot) ,, i looked at the content of th token it's not umpty ,, my backend expect to get a tocken in the header for the authentication but it's not sent ,
    Jason Goodwin
    @jasongoodwin
    That's unrelated to this library
    Philippus Baalman
    @Philippus
    @jasongoodwin could you check https://github.com/jasongoodwin/authentikat-jwt/pulls ?there's a number of PR's waiting
    yadavyogesh
    @yadavyogesh
    Need some suggestions in implementing the JWT token security.. I want to add JWT between my Angular app and REST APIs .. I want to know what are my options to get the token(how to validate and issue a token to my app) from the server where my rest apis are (in my case there are no separate auth servers)..
    Neha Duvvuri
    @nehaagarwald_twitter
    Hello. Newbie here. I am trying to test my API via postman. But I don't know how to pass the authentication
    I expected, if I do http://localhost:8080/api/authenticate?username=admin&password=admin , it should give me the jwt token, which I can pass on to other api calls under bearer token
    Where am I going wrong?
    I am using the default jwt to authorize
    NKM
    @nkmittal
    @nehaagarwald_twitter You simply need to pass JWT in an header when calling the API which your web application should be able to extract out from the request header. Afterwards to validate token use the methods provided in authentikat-jwt.
    @yadavyogesh authentikat-jwt has all the methods needed. Read-up on JWT as this is a self-contained token does not require any other server to validate.
    Neha Duvvuri
    @nehaagarwald_twitter
    Thanks for quick replies. Another thing to confirm. Jhipster cannot be setup without registry right? There is an option when setting it up. But I did not have any luck setting up a security free or an open API
    NKM
    @nkmittal
    @nehaagarwald_twitter No idea about Jhipster.
    Taner
    @taneraruk_gitlab
    Hi, I try to use jwt authentication, how can I avoid authentication for specific rest endpoints? I added @Secured("isAnonymous()") and Secured(SecurityRule.IS_ANONYMOUS) but i did not work. Where I am wrong? any idea?