Comments (4)
@zmstone But EMQX documentation does not mention that the placeholders supported by JWT authn are different from other authn: authentication-placeholders
from emqx.
After this issue is fixed, there is still a risk of crash.
In function replace_placeholder
of module emqx_authn_jwt.erl
:
replace_placeholder(L, Variables) ->
replace_placeholder(L, Variables, []).
replace_placeholder([], _Variables, Acc) ->
Acc;
replace_placeholder([{Name, {placeholder, PL}} | More], Variables, Acc) ->
Value = maps:get(PL, Variables),
replace_placeholder(More, Variables, [{Name, Value} | Acc]);
replace_placeholder([{Name, Value} | More], Variables, Acc) ->
replace_placeholder(More, Variables, [{Name, Value} | Acc]).
If there is no corresponding key in Variables
, then maps:get(PL, Variables)
will crash, as mentioned in Issue#13253, this is possible when fail_if_no_peer_cert
is set to false.
from emqx.
This is not a bug, but a feature request.
JWT authn only supports placeholders for clientid
and username
to check against the JWT claims.
A workaround for now is to use peer_cert_as_username
or peer_cert_as_clientid
.
from emqx.
I found it: JWT AuthN
![image](https://private-user-images.githubusercontent.com/15085956/340226943-3b8012f9-fdad-42f6-8c16-c00e3366673a.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTkzMjM4NjIsIm5iZiI6MTcxOTMyMzU2MiwicGF0aCI6Ii8xNTA4NTk1Ni8zNDAyMjY5NDMtM2I4MDEyZjktZmRhZC00MmY2LThjMTYtYzAwZTMzNjY2NzNhLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MjUlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjI1VDEzNTI0MlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTQwOTM4MjdlNTk4ZGRkYTIyNjI3NmNiZjQ1NTVmOTRjNDc3N2RiNjA2YjA3YTY1M2YxMTc5MTczZDQ3ZTNjYzQmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.QMjxJ-NWMaFbYHgdzLzhuBdqAyw2izHK-TYK0NyZeYs)
Maybe it's time to support it.
from emqx.
Related Issues (20)
- Allow users to explicitly persist Dashboard configuration
- Connector to MQTT host fails with bad username/password, other clients connect normally HOT 2
- But I found that it was sent successfully, and I also subscribed to this topic. Should return 200 and messageid HOT 1
- Feature Request: Add exact_match Parameter to JWT ACL HOT 17
- The unit of max packet size is wrong
- Default Value of fail_if_no_peer_cert HOT 10
- Backup and Restore | Rule Configuration Missing
- SSL listener's check for "CA Cert" HOT 4
- The statistics of disconnection reasons do not include malformed packets HOT 3
- Clearer disconnection reasons
- Add "topic_subscribe_filter" field to JWT ACL (or some acl behavior like this) HOT 21
- Add curl to docker image HOT 5
- 消息重传机制只会在重连的时候触发么 HOT 3
- api/v5/prometheus/stats not have erlang_vm_* 指标没了吗? HOT 3
- 延迟subscribe可能导致消息消费不到 HOT 5
- runq_overload alert on using MongoDB for authz/authn and also alert gets stuck for days sometimes HOT 1
- Helm Chart: MQTT ingress proxies HTTP to MQTT port HOT 2
- docker can't pull emqx:5.7.0 HOT 3
- Connect to ws emqx and the respons is 400 bad request HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from emqx.