JWT/KONG: Cannot create JWTs with a shared secret

Published 2019-09-14 19:00

Question:

I'm playing around KONG API gateway recently.

I want to sign each JWT with a secret that is shared in all micros. I need this because I want other micros to be able to decode given JWT and extract payload data and work upon it (e.g. _user_id_ field in the payload).

When I try to create a JWT for the first consumer, it works just fine. But when I try to create it for the second consumer I'm getting the following error:

{u'secret': u"already exists with value 'secret'}

I'm not exactly sure, but I think KONG/JWT requires a unique secret for each consumer to create a JWT. Is it possible to configure the JWT plugin properly to be able to use a shared secret to sign JWTs?

PS: I'm not entirely sure that using a shared secret is a good practice. If there is a better way to do this please let me know. Thanks!

  • Kong version v0.10.2

Answer 1:

You can use the private/public key signing method.
Create your JWT token with a private key and share the public key with all other microservices. The other microservices can verify the signature of the token using the shared public key.

You can use the RSA algorithm for generating the keys and signing the tokens. The private key should only be held by the service that generates the token.

Snippet for generating keys:

    import java.security.Key;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair kp = kpg.genKeyPair();
    Key publicKey = kp.getPublic();   // shared with every verifying service
    Key privateKey = kp.getPrivate(); // kept only by the token issuer

Snippet to generate the JWT token. I am using the JJWT API for generating the token:

    import io.jsonwebtoken.Jwts;
    import io.jsonwebtoken.SignatureAlgorithm;

    // Sign with the private key that only the issuing service holds.
    String jwtToken = Jwts.builder()
            .setClaims(payload)
            .setExpiration(expiryDate)
            .signWith(SignatureAlgorithm.RS256, privateKey)
            .compact();

Snippet to verify the token with the public key:

    import io.jsonwebtoken.Claims;
    import io.jsonwebtoken.Jwts;

    // Throws a JwtException if the signature or the expiry check fails.
    Claims claims = Jwts.parser().setSigningKey(publicKey)
            .parseClaimsJws(jwtToken).getBody();

Hope this helps.
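As an added illustration, not code from the question or the answer above: the same round trip done with openssl in a POSIX shell, showing that a service holding only pub.pem can verify a token and rejects one whose payload was altered. The claim values (iss, user_id) are constructed samples, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example, not the original post's code: RS256 round trip with openssl.
# Claim values below (iss, user_id) are constructed samples.

b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# Restore base64 padding and decode a base64url string read from stdin.
b64url_dec() {
  s=$(cat | tr '_-' '/+')
  case $((${#s} % 4)) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | openssl base64 -d -A
}

# make_jwt PRIVKEY_PEM ISS USER_ID: prints a compact JWT signed with the private key.
make_jwt() {
  h=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  p=$(printf '{"iss":"%s","user_id":"%s","exp":%d}' "$2" "$3" "$(( $(date +%s) + 300 ))" | b64url)
  s=$(printf '%s' "$h.$p" | openssl dgst -sha256 -sign "$1" | b64url)
  printf '%s.%s.%s' "$h" "$p" "$s"
}

# verify_jwt PUBKEY_PEM TOKEN: returns 0 only if the signature matches header.payload.
verify_jwt() {
  h=${2%%.*}; rest=${2#*.}; p=${rest%%.*}; s=${rest#*.}
  sigfile=$(mktemp)
  printf '%s' "$s" | b64url_dec > "$sigfile"
  if printf '%s' "$h.$p" | openssl dgst -sha256 -verify "$1" -signature "$sigfile" >/dev/null 2>&1
  then rc=0; else rc=1; fi
  rm -f "$sigfile"
  return $rc
}

# Demo: the issuer keeps priv.pem; verifying services receive only pub.pem.
dir=$(mktemp -d)
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/priv.pem" 2>/dev/null
openssl pkey -in "$dir/priv.pem" -pubout -out "$dir/pub.pem"
token=$(make_jwt "$dir/priv.pem" "consumer-a" "42")
# Forge a payload claiming user_id 99 while keeping the original signature.
forged="${token%%.*}.$(printf '{"iss":"consumer-a","user_id":"99"}' | b64url).${token##*.}"
if verify_jwt "$dir/pub.pem" "$token"; then echo "genuine token: accepted"; fi
if ! verify_jwt "$dir/pub.pem" "$forged"; then echo "forged token: rejected"; fi
```

A token signed by a different key pair is rejected the same way, so each verifying service only ever needs the issuer's public key on disk.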