使用非对称密钥的CouchDB JWT身份验证

2eafrhcq  于 2022-12-09  发布在  CouchDB
关注(0)|答案(1)|浏览(216)

我想使用JWT Auth和CouchDB,如此处所述https://docs.couchdb.org/en/3.2.2-docs/api/server/authn.html?highlight=jwt#jwt-authentication
这个Stackoverflow问题也帮了大忙:Why is the CouchDB JWT Authentication with Auth0 not working for me?
到目前为止,我所拥有的配置如下:

[chttpd]
authentication_handlers = {chttpd_auth, jwt_authentication_handler}, {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler}

[jwt_auth]
required_claims = exp

[log]
level = debug

[jwt_keys]
rsa:fqT4qxoKNIwJSUSdhEL3KYRjl2tsz-tRMcZr_V16skM = -----BEGIN PUBLIC KEY-----\MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAooP42fI/5PcuI5AflBpn\nLVH9cv4Iz5ubS9J2fFigCSIq6r2nQvgyw/uD+mKO+Gy87zHw+2+2MlYNWiWgBwSJ\naGXE4eZOtqsjiy3q00JMtNfUYCpa8hZWlazIq4beUFjxaDNgTIA1Dm7yk4ZsDKG8\njIzRz51WHAQtnTVGplUYRQD8hVfEiLxB2nbtVMp8rdTTR0hlIv/b262VA1d76BwE\nEzGwgasKlfUxx5usMJ8WRiMMvsgfsrQ/UqH/Oz1BJ/jebbFA2hhQxMZTjk+Sb2hF\nGvxOb7+DNJrgCNyxQfTPThNisOurQf+W6APyP6IMEpkE/E+t4nsPlo9B0+DdjeTW\nwaDcemMzoWmuerjA4PJ7E7CpOOCq6NmjrPJVTjvb61A6zB52LtYLbwqKFVx166Wa\nClhdNspeAXDEP9m1w+TLbvsDBlnVvfJMT/MnBn3nQKGqwjaNJ0VZttn66DAS5Qig\n8iC4R0Ab8Hv22s/WKQA6txXTJ5Fj43TvGbf/kZVteB9hqIdAkoeBKlHQaNz9S4lL\nbt+w1C1CkiO272S/iun+q9il5tbTWVU3mqYEJCgzs2q9RtMTrj81MaM89QRuoJxO\nC/fOcE1mPsFs5PiIOfMcetLNR7jNiwQknK4krmBM9DGrK1tR8hU471ANAOYmqntH\nPUyoxOpC0reaacfiKOqaabkCAwEAAQ==\n-----END PUBLIC KEY-----\n

如果查询会话,我会看到 JWT 是一个有效选项

curl 127.0.0.1:5984/_session
{"ok":true,"userCtx":{"name":null,"roles":[]},"info":{"authentication_handlers":["jwt","cookie","default"]}}

但我的无记名令牌请求失败:

curl -H 'Authorization: Bearer $REALLY_LONG_STRING' 127.0.0.1:5984/

{"error":"bad_request","reason":"Not a valid key"}

我认为CouchDB无法解析PEM字符串,看起来像我在这里登陆:https://github.com/apache/couchdb/blob/main/src/jwtf/src/jwtf_keystore.erl#L142
这是我所能做的最多的厄兰,所以我现在迷路了。
有什么帮助吗?

e3bfsja2

e3bfsja21#

真不敢相信我错过了一个O_o Works

[jwt_keys]
rsa:fqT4qxoKNIwJSUSdhEL3KYRjl2tsz-tRMcZr_V16skM = -----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAooP42fI/5PcuI5AflBpn\nLVH9cv4Iz5ubS9J2fFigCSIq6r2nQvgyw/uD+mKO+Gy87zHw+2+2MlYNWiWgBwSJ\naGXE4eZOtqsjiy3q00JMtNfUYCpa8hZWlazIq4beUFjxaDNgTIA1Dm7yk4ZsDKG8\njIzRz51WHAQtnTVGplUYRQD8hVfEiLxB2nbtVMp8rdTTR0hlIv/b262VA1d76BwE\nEzGwgasKlfUxx5usMJ8WRiMMvsgfsrQ/UqH/Oz1BJ/jebbFA2hhQxMZTjk+Sb2hF\nGvxOb7+DNJrgCNyxQfTPThNisOurQf+W6APyP6IMEpkE/E+t4nsPlo9B0+DdjeTW\nwaDcemMzoWmuerjA4PJ7E7CpOOCq6NmjrPJVTjvb61A6zB52LtYLbwqKFVx166Wa\nClhdNspeAXDEP9m1w+TLbvsDBlnVvfJMT/MnBn3nQKGqwjaNJ0VZttn66DAS5Qig\n8iC4R0Ab8Hv22s/WKQA6txXTJ5Fj43TvGbf/kZVteB9hqIdAkoeBKlHQaNz9S4lL\nbt+w1C1CkiO272S/iun+q9il5tbTWVU3mqYEJCgzs2q9RtMTrj81MaM89QRuoJxO\nC/fOcE1mPsFs5PiIOfMcetLNR7jNiwQknK4krmBM9DGrK1tR8hU471ANAOYmqntH\nPUyoxOpC0reaacfiKOqaabkCAwEAAQ==\n-----END PUBLIC KEY-----\n
``

相关问题