你可以在下面搜索框中键入要查询的问题!
我正在使用SmallRye JWT生成并验证JWT令牌
使用microservice A,我生成JWT令牌
使用microservice B,我必须验证JWT令牌
在microservice B中,我使用以下属性:
smallrye:
jwt:
verify:
key:
location: http://localhost:8084/key
jwks:
refresh-interval: 2
forced-refresh-interval: 2
token:
kid: 123452
微服务A有一个端点/密钥,可以生成JWKS:
{
"keys": [
{
"kty": "RSA",
"kid": "123452",
"n": "i7y5smIoGrMHAQnwef7DfhSsrm-locPO_I1LkKHHVb4ol_Tfu3Me5uswb7M92H_A1Mhub4Zsugy22OqKVNnX9Z9UDpu4yG-KfPJRNNI9Rzo0fIBHzf8_g_cIdiNJJbODndxVAr4I38ZcFV6rSw",
"e": "AQAB"
}
]
}
当我同时运行两个微服务时,我能够在微服务B中验证令牌。。。但是如果我重新启动微服务A(它将生成另一个JWKS),但微服务B将无法再验证JWT令牌。 在SmallRye-Quarkus文档中,我发现了以下属性:
smallrye.jwt.jwks.refresh-interval: JWK cache refresh interval in minutes. It will be ignored unless the mp.jwt.verify.publickey.location points to the HTTP or HTTPS URL based JWK set and no HTTP Cache-Control response header with a positive max-age parameter value is returned from a JWK set endpoint.
及
smallrye.jwt.jwks.forced-refresh-interval: orced JWK cache refresh interval in minutes which is used to restrict the frequency of the forced refresh attempts which may happen when the token verification fails due to the cache having no JWK key with a kid property matching the current token’s kid header. It will be ignored unless the mp.jwt.verify.publickey.location points to the HTTP or HTTPS URL based JWK set.
如您所见,我将这两个属性设置为2分钟:
smallrye:
jwt:
verify:
key:
location: http://localhost:8084/key
jwks:
refresh-interval: 2
forced-refresh-interval: 2
token:
kid: 123452
但它不起作用
我该怎么做才能让它工作? 我想再打一次钥匙。地点(http://localhost:8084/key)再次阅读新的JKWS
谢谢
共 (0) 个答案