I’m having issues getting authentication by JWT token roles to work.
The second rule is set to always pass, and does so successfully - it logs the user name as expected. The first rule always fails, despite the JWT showing the correct roles per jwt.io - it also fails to log the user name in the USR output field.
I’ve been banging my head on this for a few days, and have exhausted my store of ideas. Any thoughts or suggestions?
I made those changes with no improvement. The first rule continues to fail, and continues to fail to recognize the user name. (USR:[user not logged]).
My initial worry was that it was failing to decode the JWT entirely, or that I was improperly referencing the user/roles claim, but that it recognizes the user name in the second rule alleviated that concern a bit. Is there any further info I can provide that may help?
My gut tells me that it isn’t parsing the role names correctly somehow, but I’m at a loss as to how to prove that - I can’t figure out how to, or even if I’m able to, log the parsed token in any way. I followed the instructions to set the logging level to debug, which is giving quite a bit more information, not all of which is helpful.
Upon further experimentation, it looks like I can remove the .{tld} from my Auth0 claim (leaving “https://{domain}/claims/roles”), despite what their docs say they require.
I don’t feel good about this as a long term solution since it’s contradicted by what their docs state is their intended behavior, but it at least works for now, and seems to verify your conclusion that it’s the dot that’s causing the problem.
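The conclusion above (the dot in an Auth0 namespaced claim name breaking the roles lookup) can be reproduced outside the plugin. The following is an added example, not code from the original thread, from ReadOnlyREST or from Auth0: it builds and verifies a small HS256 JWT with the standard library only, using a constructed secret and constructed claims, and then resolves a roles path two ways. The naive lookup splits the configured path on every `.` and therefore never finds a top-level key such as `https://example.com/claims/roles`, while the dot-aware lookup tries the longest literal key first and only then descends, so both dotted claim names and genuinely nested paths like `realm_access.roles` work. The lookup functions are hypothetical illustrations of the behaviour described, not the plugin's implementation.

```python
import base64
import hashlib
import hmac
import json

# Constructed secret for the example only; a real deployment verifies with the IdP's key.
SECRET = b"constructed-example-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_hs256_jwt(claims: dict) -> str:
    """Mint a compact HS256 JWT (header.payload.signature) for the example."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_and_decode(token: str) -> dict:
    """Check alg and signature before trusting any claim; raise on mismatch."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def lookup_dot_split(claims: dict, path: str):
    """Naive JSON-path style lookup: every '.' is treated as a nesting separator.
    A claim key that itself contains dots can never be matched this way."""
    node = claims
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def lookup_dot_aware(claims: dict, path: str):
    """Lookup that tries the longest literal key first at each level, so a
    dotted key (an Auth0 namespaced claim) resolves before splitting on '.'."""
    node = claims
    remaining = path
    while remaining:
        if not isinstance(node, dict):
            return None
        parts = remaining.split(".")
        for i in range(len(parts), 0, -1):
            key = ".".join(parts[:i])
            if key in node:
                node = node[key]
                remaining = ".".join(parts[i:])
                break
        else:
            return None
    return node


# Constructed claims mirroring an Auth0-style namespaced roles claim plus a nested one.
CLAIMS = {
    "sub": "alice",
    "https://example.com/claims/roles": ["admin", "reader"],
    "realm_access": {"roles": ["nested-role"]},
}
TOKEN = make_hs256_jwt(CLAIMS)


def roles_via_split(path: str = "https://example.com/claims/roles"):
    return lookup_dot_split(verify_and_decode(TOKEN), path)


def roles_via_dot_aware(path: str = "https://example.com/claims/roles"):
    return lookup_dot_aware(verify_and_decode(TOKEN), path)


if __name__ == "__main__":
    print("dot-split lookup:", roles_via_split())        # None: the dotted key is never found
    print("dot-aware lookup:", roles_via_dot_aware())    # ['admin', 'reader']
    print("nested path:", roles_via_dot_aware("realm_access.roles"))
```

Running it shows the same symptom as the thread: with the full namespaced claim name the naive lookup returns nothing, so a rule keyed on those roles fails even though the token is valid and jwt.io displays the roles, whereas the dot-aware lookup returns them.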
Sure. I’ve started to work on RORDEV-6, which contains fixes for the JSON path in this rule. Then we lowered the priority of the task. But I see we’ve scheduled it for the next sprint.