Automatic subscription via JWT claims doesn't support array of strings as values #381

Open
patrickmedina opened this issue May 31, 2021 · 1 comment · May be fixed by #386
@patrickmedina

Summary and context

Automatic subscription only supports strings as claim values. When passing claims with an array of strings, the automatic subscription doesn't work at all. The most common use case for this is the "Roles" claim, which is typically provided as an array of strings. Though these subscriptions can be added later after initiating the websocket/sse connection, it would be beneficial to have this as part of the automatic subscription via JWT claims during connection.

How to reproduce

When I run RIG with these settings:

JWT

{
    "iss": "Online JWT Builder",
    "iat": 1622458324,
    "exp": 1653994324,
    "aud": "www.example.com",
    "sub": "jrocket@example.com",
    "GivenName": "Johnny",
    "Surname": "Rocket",
    "Email": "jrocket@example.com",
    "Roles": [
        "Admin",
        "Tester"
    ]
}

Example Event

{"data":{"clientId":"Personnel30","name":"User1","position":{"x":5170,"y":-2480,"z":370},"timestamp":"12304967032","userType":"Admin"},"id":"58bc0707-a9d7-41f8-91eb-12db371ff272","source":"test","specversion":"0.2","time":"2021-05-04T02:58:16Z","type":"position"}

Extractor json

{
        "position": {
                "userType": {
                        "stable_field_index": 1,
                        "event": {
                                "json_pointer": "/data/userType"
                        },
                        "jwt": {
                                "json_pointer": "/Roles"
                        }
                }
        }
}

..and set up clients and services like this:

Websocket connection

wscat -c ws://localhost:4000/_rig/v1/connection/ws\?jwt\=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjI0NTgzMjQsImV4cCI6MTY1Mzk5NDMyNCwiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJFbWFpbCI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJSb2xlcyI6WyJBZG1pbiIsIlRlc3RlciJdfQ.H8y1h8lwC4Jw-zUWY5Rlmkut9xnv9lVCDRue7NVLWSY

Websocket response

{"data":[{"eventType":"position","oneOf":[{"userType":["Admin","Tester"]}]}],"id":"da125119-090c-4687-b3d7-a9d41c739887","source":"rig","specversion":"0.2","time":"2021-05-31T11:20:52.842666+00:00","type":"rig.subscriptions_set"}

..I see the following error and/or log output:

Unable to receive any events, neither "userType": "Admin" nor "userType": "Tester"

{"data":{"clientId":"Personnel30","name":"User1","position":{"x":5170,"y":-2480,"z":370},"timestamp":"12304967032","userType":"Admin"},"id":"58bc0707-a9d7-41f8-91eb-12db371ff272","source":"test","specversion":"0.2","time":"2021-05-04T02:58:16Z","type":"position"}

or

{"data":{"clientId":"Personnel30","name":"User1","position":{"x":5170,"y":-2480,"z":370},"timestamp":"12304967032","userType":"Tester"},"id":"58bc0707-a9d7-41f8-91eb-12db371ff272","source":"test","specversion":"0.2","time":"2021-05-04T02:58:16Z","type":"position"}

..but I really expected this:

RIG should accept events with a /data/userType value of either "Admin" or "Tester". I think there should be parsing during automatic subscription: when the value of the json pointer is an array of strings, it should add the values in the array as "oneOf" values.

Current subscription

{"data":[{"eventType":"position","oneOf":[{"userType":["Admin","Tester"]}]}],"id":"da125119-090c-4687-b3d7-a9d41c739887","source":"rig","specversion":"0.2","time":"2021-05-31T11:20:52.842666+00:00","type":"rig.subscriptions_set"}

Expected subscription

{"data":[{"eventType":"position","oneOf":[{"userType":"Admin"},{"userType":"Tester"}]}],"id":"da125119-090c-4687-b3d7-a9d41c739887","source":"rig","specversion":"0.2","time":"2021-05-31T11:20:52.842666+00:00","type":"rig.subscriptions_set"}

Versions (please complete the following information):

  • Host OS: macOS (RIG running on Docker)
  • Frontend: curl, wscat, kafkacat
  • RIG version as shown on startup: Reactive Interaction Gateway 3.0.0-alpha.2 [rig@127.0.0.1, ERTS 11.1.8, OTP 23]
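
The expansion requested above, as an added Python sketch (not RIG's own code and not the change proposed in #386): each element of an array claim becomes its own `oneOf` entry, and an empty array yields no subscription. The function names, the exact-equality matching rule, and the handling of several JWT-mapped fields are assumptions of this sketch; the extractor config, claims and "current" subscription are taken from the issue.

```python
# Extractor config and claims copied from the issue; events are trimmed, constructed copies.
EXTRACTORS = {"position": {"userType": {
    "stable_field_index": 1,
    "event": {"json_pointer": "/data/userType"},
    "jwt": {"json_pointer": "/Roles"}}}}
CLAIMS = {"sub": "jrocket@example.com", "Roles": ["Admin", "Tester"]}
# Subscription RIG currently returns, per the issue.
CURRENT_SUB = {"eventType": "position", "oneOf": [{"userType": ["Admin", "Tester"]}]}

def resolve_pointer(doc, pointer):
    """Resolve an RFC 6901 JSON pointer; None when the path is absent."""
    if pointer == "":
        return doc
    for token in pointer.split("/")[1:]:
        token = token.replace("~1", "/").replace("~0", "~")
        if isinstance(doc, dict) and token in doc:
            doc = doc[token]
        elif isinstance(doc, list) and token.isdigit() and int(token) < len(doc):
            doc = doc[int(token)]
        else:
            return None
    return doc

def subscriptions_from_claims(extractors, claims):
    """One subscription per event type; an array claim yields one oneOf entry per element."""
    subs = []
    for event_type, fields in extractors.items():
        one_of = []
        for field, cfg in fields.items():  # assumption: each field adds its own entries
            if "jwt" not in cfg:
                continue
            value = resolve_pointer(claims, cfg["jwt"]["json_pointer"])
            if value is None:
                continue
            values = value if isinstance(value, list) else [value]
            # Nested arrays/objects inside the claim are skipped (choice of this sketch).
            one_of += [{field: v} for v in values if isinstance(v, (str, int, float))]
        if one_of:  # empty or missing claim: no subscription, so nothing is delivered
            subs.append({"eventType": event_type, "oneOf": one_of})
    return subs

def event_matches(sub, event, extractors):
    """Assumed rule: an event passes if any oneOf entry equals its extracted fields exactly."""
    if event.get("type") != sub["eventType"]:
        return False
    fields = extractors[sub["eventType"]]
    return any(all(resolve_pointer(event, fields[f]["event"]["json_pointer"]) == want
                   for f, want in entry.items()) for entry in sub["oneOf"])

def make_event(user_type):
    return {"type": "position", "data": {"clientId": "Personnel30", "userType": user_type}}
```

Under the assumed equality rule, `CURRENT_SUB` matches neither role because the string `"Admin"` is compared against the whole list, which is consistent with the behaviour reported above.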
@patrickmedina
Author

Related to #377 with regard to JWT validation using an external service during connection.
