Hello I m trying to JWT token on cerbos with auxData I m usi

Question

Hello I m trying to JWT token on cerbos with auxData I m using Strapi as backend and I m actually thinking if this is really necessary as the true access control will happen on backend The front end will only block rendering of some components

Dennis (Cerbos) · Answer

Hi Alberto Which authentication system are you using I mean who has issued the JWT token Auth0

Dennis (Cerbos) · Answer

Or is it Strapi itself as per <https docs strapi io developer docs latest plugins users permissions html jwt configuration>

Alberto Cunha · Answer

It is Strapi I m using Google Auth as a strapi provider to be more specific

Alberto Cunha · Answer

Here is a description how it is implemented <https docs strapi io developer docs latest plugins users permissions html providers>

Dennis (Cerbos) · Answer

Thanks I ll check it out It seems the root cause of the error is that Cerbos expects JSON Web Key Sets in the configuration but it is given a base64 encoded secret

Charith (Cerbos) · Answer

< Alberto Cunha> Cerbos needs a base64 encoded JSON Web Key JWK The secret you have in your configuration is `your 256 bit secret` which is not a valid JWK and I suspect that it s a placeholder value from the documentation not the real key I am not familiar with Strapi so I can t really help you with the particular details of that Usually the JWK is exposed by the issuing server at the path ` well known jwks json`

Alberto Cunha · Answer

Thanks Clarith I think you are right It was my utter ignoranc how JWKS work I was just grabbing that JWT secret encoding it with base64 and adding it to Carbos auxData Strapi wont create a jwks file but I ll try to do it manually

Alberto Cunha · Answer

Just to give back some feedback I was able to validate the token but I had to make some changes to strapi Strapi uses a HS256 algo and I had to add kid key to the token header on strapi s plugin config Thanks for the insight

Alberto Cunha · Answer

The most obscure problem is that for a jwtsecret in strapi cerbos expects JWKS k to be enconded on base64 Also i m still having a new problem I m having getting this error failed to parse JWT iat not satisfied on the first requests but then it works I think something to do differences in timing between servers although they are in my computer Anyway thanks < Dennis Cerbos > and < Charith Cerbos > for the insight and help The problem is SOLVED