jasongoodwin/authentikat-jwt

Gijsbert van den Brink

@gijsbert802

Hi, version.sbt says 0.4.2, but the latest version available in repositories is 0.4.1. Why is 0.4.2 is not available, has it not been released yet?

Jason Goodwin

@jasongoodwin

hey, sorry for the slow reply

Ya I didn't release 0.4.2 apparently. 0.4.2 doesn't have very significant changes in it. I'm nearing a major release (1.0.0) w/ RSA SHA algorithms, explicit verifier requirement etc.

I have a few more ideas that I'd like to implement and maybe es - I'll release it in feb likely?

Do you have anything you needed in from 0.4.2? I can release it in the interim.

Gijsbert van den Brink

@gijsbert802

Well, 0.4.1 uses json4s 3.2.10 and I ran into binary compatibility issues when I upgraded json4s in my own project to 3.3.0. 0.4.2 would solve that. If you could release it that would be great.

Daniela Sfregola

@DanielaSfregola

Hi Jason, I am upgrading from version 0.4.1 to 0.4.4 but I am experiencing issues.

I have a test that checks the creation and decoding of a jwt token

the code compiles but the behaviour is changed

I had a look at the code but I cannot spot what changed.

The way I generate the token is as following:

    val header = JwtHeader("HS256")
    val claimsSet = JwtClaimsSet(payload)
    val jwt = AuthentikatJsonWebToken(header, claimsSet, jwtSecret)

with

    val payload = Map("foo" -> "bar")
    val jwtSecret = "foosecret"

with version 0.4.1 the generated token is eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.VhZeM_o2-FV92EKLURZpHO13gjkj04It3i38mrDmc48 (correct!)

while with version 0.4.4 the generated token is W3siYWxnIjoiSFMyNTYifSx7InR5cCI6IkpXVCJ9XQ.eyJmb28iOiJiYXIifQ.NRYPzqhsPlVn9BA8XicHhyCPQfQnv-Nv9neqGIXeOCw

Daniela Sfregola

@DanielaSfregola

....could you please suggest what I am doing wrong? thanks!

Daniela Sfregola

@DanielaSfregola

apparently the header encoding is wrong:

[
  {
    "alg": "HS256"
  },
  {
    "typ": "JWT"
  }
]

instead of

  {
    "alg": "HS256",
    "typ": "JWT"
  }

Daniela Sfregola

@DanielaSfregola

created an issue jasongoodwin/authentikat-jwt#30

....and also proposed a solution

Daniela Sfregola

@DanielaSfregola

@jasongoodwin any update on that ticket?

Jason Goodwin

@jasongoodwin

Hey sorry guys - I have published 0.4.5

It corrects a security vulnerability as well as being published for newer versions of scala

let me know if you have any issues - thanks for hanging in.

Daniela Sfregola

@DanielaSfregola

thanks @jasongoodwin I'll try it out now!

Daniela Sfregola

@DanielaSfregola

@jasongoodwin I can confirm it works! Only thing: Sometimes Map[String, Any] doesn't know how to serialise things. For example, if in your payload you have a UUID

Not a big deal, I just had to convert all uuid to string manually

-- I guess it makes sense with the new design of the library

karunaker reddy

@karunakerreddyv

I have separate Authentication app built with Jhipster and I want to share JWT token among multiple subdomains (multiple UI apps hosted under x.xyz.com, y.xyz.com, z.xyz.com). How can I share JWT token from authentication app to other apps

Jason Goodwin

@jasongoodwin

I'm not sure that there is anything special to do. You can pass the tokens around in http headers for example.

Jason Goodwin

@jasongoodwin

You might want to specify originating details in the claims if it's relevant to your problem space

Ankoud Hamdi

@hamdiank

"Response for preflight has invalid HTTP status code 401" i got this error when i sent the token with the request and i think the Authorization Custom Token Header not being included in HTTP API request ,, some help please !!!!

Jason Goodwin

@jasongoodwin

Sent it where?

did you look at the contents of the token?

Jason Goodwin

@jasongoodwin

They are base64 encoded so just take the first and middle sections and decode them

or use of the token verification tools

Ankoud Hamdi

@hamdiank

@jasongoodwin i want to sent it to my backend (spring boot) ,, i looked at the content of th token it's not umpty ,, my backend expect to get a tocken in the header for the authentication but it's not sent ,

Jason Goodwin

@jasongoodwin

That's unrelated to this library

Philippus Baalman

@Philippus

@jasongoodwin could you check https://github.com/jasongoodwin/authentikat-jwt/pulls ?there's a number of PR's waiting

yadavyogesh

@yadavyogesh

Need some suggestions in implementing the JWT token security.. I want to add JWT between my Angular app and REST APIs .. I want to know what are my options to get the token(how to validate and issue a token to my app) from the server where my rest apis are (in my case there are no separate auth servers)..

Neha Duvvuri

@nehaagarwald_twitter

Hello. Newbie here. I am trying to test my API via postman. But I don't know how to pass the authentication

I expected, if I do http://localhost:8080/api/authenticate?username=admin&password=admin , it should give me the jwt token, which I can pass on to other api calls under bearer token

Where am I going wrong?

I am using the default jwt to authorize

NKM

@nkmittal

@nehaagarwald_twitter You simply need to pass JWT in an header when calling the API which your web application should be able to extract out from the request header. Afterwards to validate token use the methods provided in authentikat-jwt.

@yadavyogesh authentikat-jwt has all the methods needed. Read-up on JWT as this is a self-contained token does not require any other server to validate.

Neha Duvvuri

@nehaagarwald_twitter

Thanks for quick replies. Another thing to confirm. Jhipster cannot be setup without registry right? There is an option when setting it up. But I did not have any luck setting up a security free or an open API

NKM

@nkmittal

@nehaagarwald_twitter No idea about Jhipster.

Taner

@taneraruk_gitlab

Hi, I try to use jwt authentication, how can I avoid authentication for specific rest endpoints? I added @Secured("isAnonymous()") and Secured(SecurityRule.IS_ANONYMOUS) but i did not work. Where I am wrong? any idea?

Where communities thrive

People

Repo info

Activity