I want to implement auth callout authentication on NATS. I have created a console application that listens to the $SYS.REQ.USER.AUTH topic. Based on the received username and password, I generate a JWT token and allow the user to access their authorized topics. However, after generating the token, I encounter the following error:
Has anyone faced a similar issue? Thanks in advance.
7] 2025/03/12 18:47:28.318794 [ERR] 127.0.0.1:34882 - cid:32 - authentication error - User "alice" 2025-03-12 21:47:28 [7] 2025/03/12 18:47:28.318831 [TRC] 127.0.0.1:34882 - cid:32 - ->> [-ERR Authorization Violation] 2025-03-12 21:47:28 [7] 2025/03/12 18:47:28.318869 [DBG] 127.0.0.1:34882 - cid:32 - Client connection closed: Authentication Failure 2025-03-12 21:47:28 [7] 2025/03/12 18:47:28.318941 [WRN] Not an authorization request claim 2025-03-12 21:47:28 [7] 2025/03/12 18:47:28.318973 [TRC] ACCOUNT - <-> [DELSUB 28] 2025-03-12 21:47:28 [7] 2025/03/12 18:47:28.318990 [ERR] 127.0.0.1:34882 - cid:32 - authentication error - User "alice" 2025-03-12 21:47:28 [7] 2025/03/12 18:47:28.319038 [TRC] ACCOUNT - <<- [PUB $SYS.ACCOUNT.CLIENT.AUTH.ERR 763] 2025-03-12 21:47:28 [7] 2025/03/12 18:47:28.319047 [TRC] ACCOUNT - <<- MSG_PAYLOAD: ["{"type":"io.nats.server.advisory.v1.client_disconnect","id":"KOwQzxP6idqSC7QHOVpLD5","timestamp":"2025-03-12T18:47:28.318985439Z","server":{"name":"NAIKY3SN333SJMWKMJVCTK77YY5MFOHOVWZLIKMGXCQ4EHGUDJE3TMLQ","host":"0.0.0.0","id":"NAIKY3SN333SJMWKMJVCTK77YY5MFOHOVWZLIKMGXCQ4EHGUDJE3TMLQ","domain":"mainnode","ver":"2.10.26","jetstream":true,"flags":3,"seq":280,"time":"2025-03-12T18:47:28.319024442Z"},"client":{"start":"2025-03-12T18:47:28.313633709Z","host":"127.0.0.1","id":32,"acc":"AUTH","user":"alice","name":"NATS CLI Version 0.1.6","lang":"go","ver":"1.38.0","rtt":621000,"stop":"2025-03-12T18:47:28.318985439Z","kind":"Client","client_type":"nats"},"sent":{"msgs":0,"bytes":0},"received":{"msgs":0,"bytes":0},"reason":"Not an authorization request claim"}"]
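/// <summary>
/// Builds a NATS user claim for <paramref name="user"/> and returns it as a signed
/// three-part token (header.payload.signature, each part base64url-encoded).
/// </summary>
/// <param name="user">Authenticated user; its <c>Username</c> becomes the <c>name</c> claim.</param>
/// <param name="request">Decoded callout request; supplies the server id (<c>aud</c>) and the user nkey (<c>sub</c>).</param>
/// <returns>The compact serialized token.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
private static string CreateUserJwt(User user, AuthorizationRequest request)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    // NOTE(review): the signing seed is a literal in source and is published with this
    // listing, so it should be treated as exposed: rotate the key pair, update `issuer`
    // in nats-server.conf to the new public key, and load the seed from configuration
    // or a secret store instead of compiling it in.
    var issuerKey = "SAAH3RHRIFXZGSPDONXD3X2LK4LUSQSEPFXFIROLEH6C2UJBHHTVGX5KLI";
    var issuerPublicKey = "ABC53VGEEBXCIWW4AJKLL2JMVPUUXXF74LCM3Q6AHLPWKH5JLDO7VCGQ";
    var keyPair = Nkeys.FromSeed(issuerKey);

    var jwtHeader = new
    {
        typ = "JWT",
        alg = "ed25519-nkey"
    };

    // NOTE(review): this is a claim of type "user". The server log on this page rejects
    // the reply with "Not an authorization request claim", which suggests the reply has
    // to be an authorization-response claim that carries this token rather than the
    // token itself; confirm against the NATS auth callout documentation.
    var natsData = new
    {
        type = "user",
        version = 2,
        // Publish and subscribe are both limited to the test.> subject tree.
        pub = new
        {
            allow = new[] { "test.>" }
        },
        sub = new
        {
            allow = new[] { "test.>" }
        },
        data = -1,
        payload = -1
    };

    var jwtPayload = new
    {
        // NOTE(review): aud is the requesting server's id here; for a user claim issued
        // in server-configuration mode the audience is presumably the target account
        // name (for example ACC from nats-server.conf). Confirm before relying on it.
        aud = request.Nats.ServerId.Id,
        // "N" yields 32 hex digits without hyphens; invariant casing keeps the id
        // independent of the process culture.
        jti = Guid.NewGuid().ToString("N").ToUpperInvariant(),
        iat = DateTimeOffset.UtcNow.ToUnixTimeSeconds(),
        iss = issuerPublicKey,
        name = user.Username,
        sub = request.Nats.UserNKey,
        nats = natsData
    };

    string encodedHeader = Base64UrlEncode(JsonConvert.SerializeObject(jwtHeader));
    string encodedPayload = Base64UrlEncode(JsonConvert.SerializeObject(jwtPayload));

    // The signature covers the ASCII bytes of "header.payload".
    string signingInput = $"{encodedHeader}.{encodedPayload}";
    byte[] signature = keyPair.Sign(Encoding.UTF8.GetBytes(signingInput));

    return $"{signingInput}.{Base64UrlEncode(signature)}";
}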
nats-server.conf
# Account configuration
# Three accounts are declared. AUTH holds the one user named in auth_callout.users
# further down; SYS is the account selected by system_account; ACC is declared empty.
accounts {
AUTH: {
# NOTE(review): user name and password are the same short literal, stored in clear
# text in this file. Presumably a local test value; replace it with a strong secret
# before this configuration is used anywhere shared.
users: [{ user: auth, password: auth }]
},
SYS: {},
ACC: {}
}
# Authorization & Auth Callout Configuration
# Delegates client authentication to an external callout service.
authorization {
auth_callout {
# Account and user named for the callout; "auth" is the user defined under AUTH in
# the accounts block. Presumably this is the identity the callout service connects as.
account: AUTH
users: ["auth"]
# Public key of the issuer; the same value appears as IssuerPublicKey in CreateUserJwt.
# NOTE(review): no xkey is set in this block, so callout requests and responses are
# presumably exchanged without the optional payload encryption; confirm that is intended.
issuer:
"ABC53VGEEBXCIWW4AJKLL2JMVPUUXXF74LCM3Q6AHLPWKH5JLDO7VCGQ"
}
}
# Set system account
system_account: SYS