Hello How do I know if JWKS JWT is working I am still gettin Cerbos Community #help

Hello! How do I know if JWKS/JWT is working? I am ...

Johnathan Koppang

07/24/2024, 1:41 AM

Hello! How do I know if JWKS/JWT is working? I am still getting normal responses from the base API even when I don't provide a key.

oguzhan

07/24/2024, 9:25 AM

Hi @Johnathan Koppang, In order for Cerbos to validate JWT tokens, there are two steps required: • Specifying jwks key(s) in the cerbos configuration

Copy code

auxData:
  jwt:
    keySets:
      - id: ks1        
        remote: 
          url: <https://domain.tld/.well-known/keys.jwks>

Copy code

auxData:
  jwt:
    keySets:
      - id: ks1        
        local: 
          file: /path/to/keys.jwks

• Including a JWT token in the request

Copy code

partial CheckResources request

{
   ...
   "auxData":{
      "jwt":{
         "token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.NHVaYe26MbtOYhSKkoKYdFVomg4i8ZJd8_-RU8VNbftc4TSMb4bXP3l3YlNWACwyXPGffz5aXHc6lty1Y2t4SWRqGteragsVdZufDn5BlnJl9pdR_kdVFUsra2rWKEofkZeIC4yWytE58sMIihvo9H1ScmmVwBcQP6XETqYd0aSHp1gOa9RdUPDvoXQ5oqygTqVtxaDr6wUFKrKItgBMzWIdNZ6y7O9E0DhEPTbE9rfBo6KTFsHAZnMg4k68CDp2woYIaXbmYTWcvbzIuHO7_37GT79XdIwkm95QJ7hYC9RiwrV7mesbY4PAahERJawntho0my942XheVLmGwLMBkQ",
         "keySetId": "ks1"
      }
   }
}

Johnathan Koppang

07/24/2024, 7:53 PM

I’ll do that. Thanks a lot!

Johnathan Koppang

07/24/2024, 9:18 PM

How do I make sure it requires jwt though? Is that possible?

oguzhan

07/25/2024, 9:23 AM

That’s not possible, because Cerbos doesn’t try to authenticate the incoming requests. That’s why the AuxData is only a convenience to allow the app to forward the client jwt to Cerbos instead of validating, parsing and adding the attributes from jwt into principal attributes.

10 Views

Open in Slack

Previous Next