Comments (4)
@zmstone But EMQX documentation does not mention that the placeholders supported by JWT authn are different from other authn: authentication-placeholders
from emqx.
After this issue is fixed, there is still a risk of crash.
In function replace_placeholder
of module emqx_authn_jwt.erl
:
replace_placeholder(L, Variables) ->
replace_placeholder(L, Variables, []).
replace_placeholder([], _Variables, Acc) ->
Acc;
replace_placeholder([{Name, {placeholder, PL}} | More], Variables, Acc) ->
Value = maps:get(PL, Variables),
replace_placeholder(More, Variables, [{Name, Value} | Acc]);
replace_placeholder([{Name, Value} | More], Variables, Acc) ->
replace_placeholder(More, Variables, [{Name, Value} | Acc]).
If there is no corresponding key in Variables
, then maps:get(PL, Variables)
will crash, as mentioned in Issue#13253, this is possible when fail_if_no_peer_cert
is set to false.
from emqx.
This is not a bug, but a feature request.
JWT authn only supports placeholders for clientid
and username
to check against the JWT claims.
A workaround for now is to use peer_cert_as_username
or peer_cert_as_clientid
.
from emqx.
I found it: JWT AuthN
![image](https://private-user-images.githubusercontent.com/15085956/340226943-3b8012f9-fdad-42f6-8c16-c00e3366673a.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE3NzI4ODAsIm5iZiI6MTcyMTc3MjU4MCwicGF0aCI6Ii8xNTA4NTk1Ni8zNDAyMjY5NDMtM2I4MDEyZjktZmRhZC00MmY2LThjMTYtYzAwZTMzNjY2NzNhLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MjMlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzIzVDIyMDk0MFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTNlM2UzNWE2ZWNkYjk0YzI5NjA3ZGE1NmVhNWVkNTU4ZWUxNmUxYzE5YTBiMWU2NjBjOGJkNWQ4NmMzNmNhYzEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.fMGjzdHVnQFMLLVZ8d9upKuZNtyjfsNKA5zBoqFkQDY)
Maybe it's time to support it.
from emqx.
Related Issues (20)
- Plugin hook points not called when auto-booting plugin in a cluster HOT 5
- The retained message function in EMQX is controlled by two switches
- emqx_authn_pgsql resource down: unknown reason HOT 7
- Setting hibernate_after for tcp connection HOT 2
- Return wrong Receive Maximum
- The message queue size may exceed the maximum limit after setting topic priority HOT 2
- Setting max_heap_size to 0 causes function_clause HOT 1
- 在服务区上部署EMQX这一步出现以下问题 HOT 2
- 在云服务器连接实例后部署EMQX遇到问题, HOT 1
- 在软路由“”爱快(ikuai)”(debian12系统)上docker中安装eqmx启动报错 HOT 7
- "Mnesia is overloaded" messaggio di warning HOT 3
- Variable in header HOT 3
- EMQXWebSocket 客户端连接错误 HOT 8
- 配置SSL,8883,单向证书问题 HOT 1
- jwt过期导致无法发送遗嘱 HOT 6
- Exclusive subscriptions rejected with QuotaExceeded for no reason? HOT 14
- can't get real ipaddress of clients HOT 4
- receive a huge of connect and disconnect events from one client with no reasons HOT 8
- runq_overload alert not cleared sometimes
- connection_shutdown with reason: #{hint => invalid_password HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from emqx.