l
Hello. guys. I have a question about microservice JWT verification. Been following through the docs but still didn't understand
p
hi. ask away 🙂
l
This is from your docs.
my question is, can it be used?
jwt should be taken from headers?
p
The most straightforward way to do machine-to-machine auth is the authorization header I'd say.
just to clarify: this is between two of your microservices?
l
yes.
p
So yeah, I'd use an authorization header to transfer this token between them.
l
yes I understand that. give me a sec I will try something
I send a request from UI. I receive data and forward this request with generated JWT token to MS. I receive this JWT and I have trouble with verifying it
Those are headers that I receive on MS
p
how are you sending/parsing this header? I'm just guessing but you might be missing a base 64 decode while parsing it.
l
there is nothing said about base 64
jwt I should get from headers.authorization right?
p
sure, but the authorization header in your screenshot looks like it has been base 64 encoded
l
I'm using your library and nothing more
p
can you show me how you make the call to the other microservice?
or how you are adding the authorization header?
l
p
oh I see. the screenshot was just cut off weirdly and I missed "."s
what goes wrong while verifying it?
also, you can copy and paste the token into jwt.io to check
l
token is not valid
token generated by createJWT is not valid in jwt.io
p
hmm, could you paste the token here?
l
eyJraWQiOiI0NTg5NDcxYS1lMDQ1LTQ3ZGQtOGY3NC1lNjFlNDNkOTVmODEiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJkYXRhIjoic2RmIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwIiwic291cmNlIjoibWljcm9zZXJ2aWNlIiwiZXhwIjo0ODE4NzM4MzczLCJpYXQiOjE2NjUxMzgzNzJ9.EgOymmM2uuaSIe09P6jAWIaI6Pg6M1mvF8KF1XqKN0_MpF3ZdTbKB_5KoQtYrQqX567x-Xqu55IAgRhyA9RC0XD3aXekOkRW5TsnCq1dK_xPKK-pdVGpNtAgSDMdj99worepk8qIBKQYkU68RG_DauGbCUDzRFV4Rb-dk6xObFv0GxEcIU3pMz45ynPqIWZwexIWy2i-W7flUdq-AYugzoZlR_qGLnjnvQkrQIi8UTiadsTQFUfCwJYODKsuT0Rqz9o2qJ7ghFf9IcxqJX7A-8EdsIKj1r2K5RMGtPyOr4PyZ4oQpJdaJTAdTT_i0hcY7fQJTO8OQ6MI7g2bg1hSdQ
p
pasting this seems to be working for me
I mean they can't check the signature of course, because they'd need the jwks endpoint of backend to do that.
l
So it should be invalid then?
p
the signature checking won't work on jwt.io if you don't copy/paste your keys, that's correct. but on the right you should be able to see your data decoded.
l
yes that I saw
p
what goes wrong/what exception are you getting while verifying the token?
can you also show how you are doing that?
l
p
right, so please try and log the value of the jwt before calling verify.
what I think you'll find is that you didn't cut off the "Bearer " prefix
l
nope I didn't
but in this case should I send this prefix?
p
that's the standard way of doing it. but you don't really need it.
it's between your own microservices... so it's your call.
l
Ok it does work
p
great 🙂
l
so it will be cool if you add that to your docs that users don't need to use bearer or they need to cut off that, or just include some function that will cut off that bearer for the user
Overall I am still learning supertokens and I'm pretty happy about that. But docs sometimes are not straightforward
p
any feedback and suggestions are welcome 🙂
I'm not sure where we'd add this advice, since we never recommend adding the bearer prefix (or offer advice on how you can transport this between microservices I think)
l
p
ooh, right. I was looking at the main jwt docs, not the microservice specific ones. I thought the search function worked across these recipes
I'll open an issue about this in our docs repo or you can open one as well if you'd like to track this 🙂