apigee/microgateway-config

Changing jwt_public_key breaks the URL used to obtain product config and oauth verify key

Closed this issue · 0 comments

Microgateway no longer functions when the jwt_public_key is configured to be anything other than the default value. All API invocations return an "access_denied" error.

For our use case, JWT tokens are created and signed by an API proxy we have built in Apigee cloud. Microgateway receives those JWT tokens. jwt_public_key is configured to the URL that exposes the associated public key, which can be used to verify the received JWT token (as per the documentation on Edge Microgateway Operations).

Unfortunately, several other configuration-related URLs used within microgateway assume that jwt_public_key is the default value set up at initial configuration time. Specifically, config.edge_config.products and config.oauth.verify_api_key_url, as per the comment on line 357 of network.js:

// derive products and oauth uris from jwt_public_key config

Although there is a warning logged using console.error(), edgemicro starts and fails to service any API calls because it didn't manage to find any products within the PEM encoding of our JWT public key. Arguably, edgemicro shouldn't start if it can't find the expected (possibly empty) products array in the response.
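The fail-closed startup check the report argues for, as an added example that is not part of the original issue or of the microgateway-config code. The suffix-substitution derivation, the `products` response key, the function names and the example.invalid URLs are all assumptions made for illustration.

```javascript
'use strict';

// Hypothetical stand-in for the derivation the issue describes: the products
// URL is assumed to be the key URL with a trailing 'publicKey' swapped out.
function deriveProductsUrl(jwtPublicKeyUrl) {
  return jwtPublicKeyUrl.replace(/publicKey$/, 'products');
}

// Accept only JSON that carries a products array (an empty array is valid).
// The 'products' key is an assumed response shape, not the real Edge schema.
function parseProducts(body) {
  if (/-----BEGIN [A-Z ]+-----/.test(body)) {
    throw new Error('products URL returned PEM data, not a product list');
  }
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    throw new Error('products response is not JSON');
  }
  const products = parsed && parsed.products;
  if (!Array.isArray(products)) {
    throw new Error('products response has no products array');
  }
  return products;
}

// Startup gate: returns ok=false instead of letting the gateway come up and
// answer every call with access_denied.
function checkStartupConfig(config, fetchedBody) {
  const productsUrl = config.products || deriveProductsUrl(config.jwt_public_key);
  if (productsUrl === config.jwt_public_key) {
    return { ok: false, reason: 'products URL could not be derived from jwt_public_key' };
  }
  try {
    return { ok: true, productsUrl, products: parseProducts(fetchedBody) };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}

// Constructed sample inputs.
const DEFAULT_KEY_URL = 'https://example.invalid/edgemicro-auth/publicKey';
const CUSTOM_KEY_URL = 'https://example.invalid/my-proxy/jwt-key';
const PEM_BODY = '-----BEGIN PUBLIC KEY-----\nCONSTRUCTED\n-----END PUBLIC KEY-----';

console.log(checkStartupConfig({ jwt_public_key: CUSTOM_KEY_URL }, PEM_BODY));
console.log(checkStartupConfig({ jwt_public_key: DEFAULT_KEY_URL }, '{"products":[]}'));
```

A caller would exit with a non-zero status when `ok` is false, so a misconfigured key URL is caught at startup rather than at the first API call.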