3

I'm using express gateway as an API gateway. I want EG (Express Gateway) to authenticate JWTs that my keycloak server will sign. My setup in gateway.config.yml is like this:

http:
  port: 6060
admin:
  port: 9876
  hostname: localhost
apiEndpoints:
  api:
    host: localhost
    paths: '/ip'
serviceEndpoints:
  httpbin:
    url: 'https://httpbin.org'
policies:
  - basic-auth
  - jwt
  - cors
  - expression
  - key-auth
  - log
  - oauth2
  - proxy
  - rate-limit
pipelines:
  default:
    apiEndpoints:
      - api
    policies:
    # Uncomment `key-auth:` when instructed to in the Getting Started guide.
      - jwt:
          secretOrPublicKey: MySuperSecretKey
      - proxy:
          - action:
              serviceEndpoint: httpbin 
              changeOrigin: true

I'm starting EG server, and then I'm going to https://jwt.io/ selecting HS256 setting the payload, and secret key and a JWToken is generated. Then I'm making a request with postman using bearer token as it is the default and I'm getting 401 unauthorized.

Does anyone have any idea what I'm doing wrong with the configuration?

Reza Mousavi
  • 4,420
  • 5
  • 31
  • 48
Rambou
  • 968
  • 9
  • 22
  • i am trying to achive the same. i.e Express gateway + keycloak as Identity provider. is there a guide that you followed ? – Ahmad Karim Sep 24 '20 at 07:56

1 Answers1

2

with the current configuration you're required to create an internal credential JWT credential so that Express Gateway can look for the token and check it accordingly.

In case you want to skip this check, just set the checkCredentialExistence to false as a jwt policy parameter. The request will then pass.

Cheers!

Vincenzo
  • 1,549
  • 1
  • 9
  • 17
  • Yeap, That's the solution. I was going to post the answer to my own question, but you got me first. Thanks @Vincenzo – Rambou Sep 19 '18 at 08:17