Chris Arderne
06/23/2023, 10:11 AM
Chris Arderne
06/23/2023, 10:12 AM
HTTP module. This obviously means that the Cerbos server is exposed to the public internet. I'm a bit uncomfortable with this, but you support this pattern so I thought there must be some sense to it!
Chris Arderne
06/23/2023, 10:15 AM
Charith (Cerbos)
Chris Arderne
06/23/2023, 10:49 AM
Chris Arderne
06/23/2023, 10:50 AM
401'ing requests with no/bad jwt?
Rasmus Dencker
06/23/2023, 10:51 AM
Charith (Cerbos)
principal.attributes of the API request.
https://docs.cerbos.dev/cerbos/latest/policies/conditions.html#auxdata
Chris Arderne
06/23/2023, 11:36 AM
400
{
"code": 3,
"message": "failed to extract auxData"
}
That's good enough for me! At least we'll have some clarity around bogus requests and whatnot.
It would be great if we could other non-essential endpoints in production (eg the html docs, swagger.json) but I recognise this isn't much of a security concern...
Chris Arderne
06/23/2023, 11:56 AM
Charith (Cerbos)
Chris Arderne
06/23/2023, 12:01 PM
Charith (Cerbos)
Chris Arderne
06/23/2023, 12:42 PM
"error":"failed to parse JWT: key provider 0 failed: failed to find matching key: no key ID (\"kid\") specified in token"
Which isn't surprising, since an HS key doesn't have a kid Header...
Charith (Cerbos)
kid.
Chris Arderne
06/23/2023, 1:52 PM