rs256 token is not verifiable #195

kotyara85 · 2022-05-13T21:10:18Z

kotyara85
May 13, 2022

Hello,
I followed the official examples to verify a token and it's always false
Is there any way to output the error which opa hits during io.jwt.verify_rs256?
I did verify jwks are pulled and they're valid for the token
Thanks

package oidc

issuers = {"https://auth.example.com"}

metadata_discovery(issuer) = http.send({
	"url": concat("", [issuers[issuer], "/.well-known/openid-configuration"]),
	"method": "GET",
	"force_cache": true,
	"force_cache_duration_seconds": 86400,
}).body

token := {"claims": claims} {
	io.jwt.decode(input.user, [_, claims, _])
}

metadata = metadata_discovery(token.claims.iss)

jwks_request(url) = http.send({
	"url": url,
	"method": "GET",
	"force_cache": true,
	"force_cache_duration_seconds": 3600, # Cache response for an hour
})

jwks = jwks_request(metadata.jwks_uri).body

default vefified := false

verified = io.jwt.verify_rs256(input.token, json.marshal(jwks))

kotyara85 · 2022-05-13T21:16:36Z

kotyara85
May 13, 2022
Author

It's actually a type in my code - input.token is empty

0 replies

anderseknert · 2022-05-14T06:08:30Z

anderseknert
May 14, 2022
Maintainer

You'll need to provide the token as part of your input when querying OPA, e.g.

curl --data '{"input": {"token": "mytoken"}}' http://localhost:8181/v1/data/my/policy

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Open Policy Agent

rs256 token is not verifiable #195

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Open Policy Agent

rs256 token is not verifiable #195

Uh oh!

Uh oh!

kotyara85 May 13, 2022

Replies: 2 comments

Uh oh!

kotyara85 May 13, 2022 Author

Uh oh!

anderseknert May 14, 2022 Maintainer

kotyara85
May 13, 2022

kotyara85
May 13, 2022
Author

anderseknert
May 14, 2022
Maintainer