Get user credentials when use oauth2 method #888

Open
duongvanba opened this issue Mar 22, 2019 · 1 comment

duongvanba commented Mar 22, 2019

I use Express Gateway for my app.
This is my config:

system.config.yml

```yaml
db:
  redis:
    emulate: true
    namespace: EG

crypto:
  cipherKey: sensitiveKey
  algorithm: aes256
  saltRounds: 10
session:
  secret: keyboard cat
  resave: false
  saveUninitialized: false
accessTokens:
  timeToExpiry: 7200000
  tokenType: 'jwt'
  issuer: 'express-gateway'
  audience: 'something'
  subject: 'somebody'
  secretOrPrivateKey: 'ssssst'

refreshTokens:
  timeToExpiry: 7200000
authorizationCodes:
  timeToExpiry: 300000
```

My app

```
{
  "name": "app-test",
  "redirectUri": "https://google.com",
  "isActive": true,
  "id": "72f2753d-8abd-4725-a13f-3142074a913d", // <=== App ID
  "userId": "5612f63e-64c3-480a-959c-2aa885a92dbf",
  "createdAt": "Fri Mar 22 2019 16:35:42 GMT+0700 (Indochina Time)",
  "updatedAt": "Fri Mar 22 2019 16:35:42 GMT+0700 (Indochina Time)"
}
```

My user

```
{
  "firstname": "ba",
  "lastname": "ba",
  "username": "ba",
  "email": "duong@gm.c",
  "redirectUri": "https://g.com",
  "isActive": true,
  "id": "5612f63e-64c3-480a-959c-2aa885a92dbf", // <=== User ID
  "createdAt": "Fri Mar 22 2019 16:09:22 GMT+0700 (Indochina Time)",
  "updatedAt": "Fri Mar 22 2019 16:09:22 GMT+0700 (Indochina Time)"
}
```

But when I use Postman to authenticate with server /oauth2/token, I got back this

```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb25zdW1lcklkIjoiNzJmMjc1M2QtOGFiZC00NzI1LWExM2YtMzE0MjA3NGE5MTNkIiwic2NvcGVzIjoiIiwiaWF0IjoxNTUzMjQ5MTMxLCJleHAiOjE1NjA0NDkxMzEsImF1ZCI6InNvbWV0aGluZyIsImlzcyI6ImV4cHJlc3MtZ2F0ZXdheSIsInN1YiI6InNvbWVib2R5In0.d8MLV4azAifgoYKDllqjA0l9ltJlxT6O5KVUCujOPSY
```

```json
{
  "consumerId": "72f2753d-8abd-4725-a13f-3142074a913d",
  "scopes": "",
  "iat": 1553249131,
  "exp": 1560449131,
  "aud": "something",
  "iss": "express-gateway",
  "sub": "somebody"
}
```

  1. (72f2753d-8abd-4725-a13f-3142074a913d) is not my user ID. How do I get my user ID down to the endpoint service?
  2. Why are the sub fields in the JWT response token and the config the same? I think the sub field in the JWT token must be userId or appID!!!! This "sub" field cannot be removed from the config!!!

Thanks

@XVincentX
Member

@aroopghoshtarento @duongvanba

Apparently you're both facing the same problem of receiving the application details instead of the user details, which is probably what you're looking for.

Although the identity code in Express Gateway is effectively a mess, I still think it works correctly. I need your help to identify the issue (if any) and solve it.

Would it be possible to provide a detailed step-by-step reproduction guide?

  1. System and Gateway configuration files
  2. ALL the cURL calls made to the server (or EG CLI commands), from user/app creation to login and stuff

Otherwise I'm fundamentally blind here and I cannot really help you.
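
An added example (not part of the issue thread and not Express Gateway's own code): it decodes the access token posted in the issue, without verifying its signature, and reports which record each identity claim points to and how long the token lives. The token, IDs and config values are copied from the issue; `decodeJwt`, `describeToken` and the result field names are hypothetical.

```javascript
// Diagnostic only: decodes the token, does NOT verify its HS256 signature.
// TOKEN, CONFIG, APP_ID and USER_ID are copied from the issue text.
const TOKEN =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.' +
  'eyJjb25zdW1lcklkIjoiNzJmMjc1M2QtOGFiZC00NzI1LWExM2YtMzE0MjA3NGE5MTNkIiwic2NvcGVzIjoiIiwiaWF0IjoxNTUzMjQ5MTMxLCJleHAiOjE1NjA0NDkxMzEsImF1ZCI6InNvbWV0aGluZyIsImlzcyI6ImV4cHJlc3MtZ2F0ZXdheSIsInN1YiI6InNvbWVib2R5In0.' +
  'd8MLV4azAifgoYKDllqjA0l9ltJlxT6O5KVUCujOPSY';
const CONFIG = { issuer: 'express-gateway', audience: 'something',
                 subject: 'somebody', timeToExpiry: 7200000 };
const APP_ID = '72f2753d-8abd-4725-a13f-3142074a913d';
const USER_ID = '5612f63e-64c3-480a-959c-2aa885a92dbf';

// Decode one base64url JWT segment into an object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Split a compact JWS and decode header and payload; reject malformed input.
function decodeJwt(token) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    throw new Error('not a compact JWS with three base64url segments');
  }
  return { header: decodeSegment(parts[0]), payload: decodeSegment(parts[1]) };
}

// Hypothetical helper: say which record each identity claim refers to.
function describeToken(token, config, appId, userId) {
  const { header, payload } = decodeJwt(token);
  const who = (id) => (id === userId ? 'user' : id === appId ? 'app' : 'unknown');
  const lifetime = payload.exp - payload.iat; // NumericDate values are seconds (RFC 7519)
  return {
    alg: header.alg,
    consumerIdRefersTo: who(payload.consumerId),
    subRefersTo: who(payload.sub),
    subIsStaticConfigValue: payload.sub === config.subject,
    issuerMatches: payload.iss === config.issuer,
    audienceMatches: payload.aud === config.audience,
    lifetimeSeconds: lifetime,
    lifetimeEqualsTimeToExpiry: lifetime === config.timeToExpiry,
  };
}

console.log(describeToken(TOKEN, CONFIG, APP_ID, USER_ID));
```

For the posted token this reports `consumerId` as the app ID, `sub` as the static configured subject rather than any record ID, and `exp - iat` as 7200000, the same number as `accessTokens.timeToExpiry`.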
