Error while trying to authorize the request when scopes filed is not configured #972

Closed
ldclakmal opened this issue Feb 13, 2021 · 0 comments · Fixed by ballerina-platform/module-ballerina-http#232
Labels: Area/Security (issues related to stdlib security), module/auth, module/http, Points/1, Type/Bug, Verson/SwanLakeDump (all issues planned for Swan Lake GA release)

Comments

ldclakmal (Member) commented Feb 13, 2021

Description
When an HTTP service is configured with the auth annotation in http:ServiceConfig, it should try to authenticate and authorize the inbound request. When the scopes field of the auth annotation is not provided, it should avoid the authorization phase. Currently it executes the authorization phase even though the scopes field is not provided. The logic should be fixed for that use case.

Steps to reproduce:

```ballerina
import ballerina/http;

// HTTPS listener on 9090; the keystore path and password are placeholders.
listener http:Listener securedEP = new (9090, config = {
    secureSocket: {
        keyStore: {
            path: "/path/to/p12",
            password: "password"
        }
    }
});

// The auth config carries only a jwtValidatorConfig and no `scopes` field,
// so only the authentication phase is expected to run for this service.
@http:ServiceConfig {
    auth: [{
        jwtValidatorConfig: {
            issuer: "ballerina",
            audience: "vEwzbcasJVQm1jVYHUHCjhxZ4tYa",
            trustStoreConfig: {
                certificateAlias: "alias",
                trustStore: {
                    path: "/path/to/p12",
                    password: "password"
                }
            }
        }
    }]
}
service on securedEP {
    resource function get whoiam() returns @http:Payload {mediaType: "application/json"} json {
        return {"version": "v1"};
    }
}
```

Call the resource with a JWT issued for the configured issuer and audience (`-k` skips TLS certificate verification for the self-signed listener):

```shell
curl https://localhost:9090/whoiam -k \
  -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsICJ0eXAiOiJKV1QiLCAia2lkIjoiTlRBeFptTXhORE15WkRnM01UVTFaR00wTXpFek9ESmhaV0k0TkRObFpEVTFPR0ZrTmpGaU1RIn0.eyJpc3MiOiJiYWxsZXJpbmEiLCAic3ViIjoiYWRtaW4iLCAiYXVkIjoidkV3emJjYXNKVlFtMWpWWUhVSENqaHhaNHRZYSIsICJqdGkiOiJmMTJhYmE1Zi03MGQ2LTQ4OWUtODJkMi0yNTI1YzE1OGVkY2YiLCAiZXhwIjoxNjEzMjM0NDk1LCAibmJmIjoxNjEzMjMwODk1LCAiaWF0IjoxNjEzMjMwODk1fQ.Y5uu3BrQLDVIfkwR2b82Jv_KWpwYP2Wxtm22ufXKRV0A7mhZp0ljqYskBpJHNx6SR7D5Kxw7SOlhuU9BWQT_ZZNeHc2xIkZGZZyx3WwcAC8cFvM-XXJhkuRQyEdJ5uZtRl89ZbJ4PKLsc9_ENR5jgwfQNv3B1KOP_tG5KUtBt2VfIrfLcP3R9Pr6ZtYYA0AZxi7zB-lY6xT5H2OdecaSCNuykvsFL-pwfE5VP4E2v3ZukP79kT0hi6m4X0B93FKQBdkEHwGJVZW1P-JcQMybgfty9pDueAmWpTzZs5JaXsy32bB_DAIfEyYiKsS20e7Dr1NEOuAFpcaxgOwR7X6T6A'
```

Output on the listener side:

```text
[ballerina/http] started HTTPS/WSS listener 0.0.0.0:9090
error: {ballerina}TypeCastError {"message":"incompatible types: '()' cannot be cast to 'string|string[]'"}
	at ballerina.http.1_0_6:tryAuthenticate(auth_desugar.bal:78)
	   ballerina.http.1_0_6:authenticateResource(auth_desugar.bal:48)
	   kkeker.micro_bff.0_1_0.$anonType$_0:$get$whoiam(main.bal:21)
```

Affected Versions:
Ballerina SL Alpha2

Originally reported by Kirill Keker on Slack [1].

[1] https://ballerina-platform.slack.com/archives/C47EAELR1/p1613232067181500
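The authenticate-then-authorize flow the report describes, as an added example in Python that is not code from the Ballerina http module: it models the pre-fix handler, which always runs the scope check and so fails on an absent `scopes` value (a `TypeError` here standing in for the `TypeCastError` in the stack trace), beside the intended handler, which treats a missing `scopes` as "authentication is sufficient". The `scp` claim, the `constructed_token` helper, the dummy signature and the `ISSUE_CLAIMS` dictionary (modeled on the claim set of the report's token) are assumptions of this example; signature, issuer, audience and expiry checks are taken to have already passed in the authentication phase.

```python
"""Model of the authenticate-then-authorize flow from the issue.

Added example, not code from the Ballerina http module: it models the
behaviour the report describes (authorization must be skipped when no
`scopes` are configured) so the failure mode and the fix run side by side.
"""
import base64
import json
from typing import Callable, Dict, List, Union

# Mirrors the annotation's `scopes` field: a single scope, a list, or absent.
Scopes = Union[str, List[str], None]


def decode_jwt_payload(token: str) -> Dict:
    """Return the claims of a compact JWS.

    Assumption of this example: signature, issuer, audience and expiry were
    already checked by the authentication phase, so the payload segment is
    base64url-decoded here without verification.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def token_scopes(claims: Dict) -> List[str]:
    """Scopes granted by the token.

    Assumption: scopes travel in an `scp` claim as a space-separated string
    or a JSON array. The token in the report carries no such claim.
    """
    scp = claims.get("scp")
    if scp is None:
        return []
    return scp.split() if isinstance(scp, str) else list(scp)


def _required(scopes: Scopes) -> List[str]:
    # Normalise string|string[] to a list. Passing None here is the bug:
    # list(None) raises TypeError, just as casting () to string|string[] fails.
    return [scopes] if isinstance(scopes, str) else list(scopes)


def authorize_buggy(claims: Dict, scopes: Scopes) -> bool:
    """Pre-fix behaviour: the scope check runs unconditionally."""
    return bool(set(_required(scopes)) & set(token_scopes(claims)))


def authorize_fixed(claims: Dict, scopes: Scopes) -> bool:
    """Intended behaviour: no configured scopes means authentication alone is
    sufficient; otherwise any one matching scope grants access (an explicit
    empty list matches nobody, a choice made by this example)."""
    if scopes is None:
        return True
    return bool(set(_required(scopes)) & set(token_scopes(claims)))


def handle_request(token: str, scopes: Scopes,
                   authorize: Callable[[Dict, Scopes], bool]) -> int:
    """HTTP status the listener would return for a bearer token."""
    try:
        claims = decode_jwt_payload(token)
    except ValueError:
        return 401
    try:
        return 200 if authorize(claims, scopes) else 403
    except TypeError:
        return 500  # unhandled failure inside the auth layer


def constructed_token(claims: Dict) -> str:
    """Build a JWT-shaped string with a dummy signature for offline use."""
    def seg(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return ".".join([seg({"alg": "RS256", "typ": "JWT"}), seg(claims), "c2ln"])


# Constructed claim set modeled on the report's token: no scope claim at all.
ISSUE_CLAIMS = {
    "iss": "ballerina",
    "sub": "admin",
    "aud": "vEwzbcasJVQm1jVYHUHCjhxZ4tYa",
    "exp": 1613234495,
    "nbf": 1613230895,
    "iat": 1613230895,
}

if __name__ == "__main__":
    token = constructed_token(ISSUE_CLAIMS)
    for name, fn in (("buggy", authorize_buggy), ("fixed", authorize_fixed)):
        print(name, "scopes=None ->", handle_request(token, None, fn))
```

With the report's configuration (no `scopes`), the buggy path yields a 500 while the fixed path yields 200; once `scopes` is set, both paths agree and deny a token whose `scp` claim does not intersect the configured set.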
