I configured the edgemicro and configured my API product and Developer App. I am also able to generate my access token.
$ ./node_modules/edgemicro/cli/edgemicro token get -o *** -e prod -i *** -s *** current nodejs version is v5.0.0 current edgemicro version is 2.4.6 { token: 'eyJhbGciOiJSUzI1NiJ9.eyJhcGlfcHJvZHVjdF9saXN0IjpbIkVkZ2VNaWNyb1Rlc3RQcm9kdWN0Il0sImF1ZGllbmNlIjoibWljcm9nYXRld2F5IiwianRpIjoiMjQ2MTQ4YTUtZDI2Yy00M2Q2LTk0YzAtNDM0MTY3ZDNlYzc2IiwiaXNzIjoiaHR0cHM6Ly9naXJpc2hnYWpyaWEtcHJvZC5hcGlnZWUubmV0L2VkZ2VtaWNyby1hdXRoL3Rva2VuIiwiYWNjZXNzX3Rva2VuIjoiU0VDQW1xblBmY0xOb3NKT0p2Wkc0NzNFcjMwaSIsImNsaWVudF9pZCI6IndyUUNRcTlvZERJZVdzRmtKTnFJTTVOcXJvSWtGUXlaIiwibmJmIjoxNDk3NTkyMzA2LCJpYXQiOjE0OTc1OTIzMDYsImFwcGxpY2F0aW9uX25hbWUiOiJiYjQ1MjI0Yy05MTk2LTRmY2EtODM5Ny1jNmVjNjJhYTkxN2QiLCJzY29wZXMiOlsiIl0sImV4cCI6MTQ5NzU5MjYwNn0.SiQUV_1IT0zvEsDmq8UcIzbTfuwc6UIxcuZpz7tSVijEOSmKjOb4h6D1LiJzBtmJkbEU3I7S5l92K0bYpVPDcklr_h2qnWquka4l88s0O704xNuuCtt0vHuySL_an1QUzAAirR8iBS5lXF62qhCro8Id_AEw7rNbOiO6rPiUKRwGs7yeHYBHfU5Z-eCkymOC6LMTHHKA2NLU5M47ViCujbxXNQlWAYkPhSw7WvUTn2HNj4YT2gVrzHbYttHqWMNWtpF3ZiDlbdbzRoNG067iwraJQNdy0cdstI134lwatx5fI4D3BYpsOswaW7cqpHKFYQ4XV06LOxmXuBZXCPFgkQ' }
When I try to use this token immediately, I get the below error:
$ curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJhcGlfcHJvZHVjdF9saXN0IjpbIkVkZ2VNaWNyb1Rlc3RQcm9kdWN0Il0sImF1ZGllbmNlIjoibWljcm9nYXRld2F5IiwianRpIjoiMjQ2MTQ4YTUtZDI2Yy00M2Q2LTk0YzAtNDM0MTY3ZDNlYzc2IiwiaXNzIjoiaHR0cHM6Ly9naXJpc2hnYWpyaWEtcHJvZC5hcGlnZWUubmV0L2VkZ2VtaWNyby1hdXRoL3Rva2VuIiwiYWNjZXNzX3Rva2VuIjoiU0VDQW1xblBmY0xOb3NKT0p2Wkc0NzNFcjMwaSIsImNsaWVudF9pZCI6IndyUUNRcTlvZERJZVdzRmtKTnFJTTVOcXJvSWtGUXlaIiwibmJmIjoxNDk3NTkyMzA2LCJpYXQiOjE0OTc1OTIzMDYsImFwcGxpY2F0aW9uX25hbWUiOiJiYjQ1MjI0Yy05MTk2LTRmY2EtODM5Ny1jNmVjNjJhYTkxN2QiLCJzY29wZXMiOlsiIl0sImV4cCI6MTQ5NzU5MjYwNn0.SiQUV_1IT0zvEsDmq8UcIzbTfuwc6UIxcuZpz7tSVijEOSmKjOb4h6D1LiJzBtmJkbEU3I7S5l92K0bYpVPDcklr_h2qnWquka4l88s0O704xNuuCtt0vHuySL_an1QUzAAirR8iBS5lXF62qhCro8Id_AEw7rNbOiO6rPiUKRwGs7yeHYBHfU5Z-eCkymOC6LMTHHKA2NLU5M47ViCujbxXNQlWAYkPhSw7WvUTn2HNj4YT2gVrzHbYttHqWMNWtpF3ZiDlbdbzRoNG067iwraJQNdy0cdstI134lwatx5fI4D3BYpsOswaW7cqpHKFYQ4XV06LOxmXuBZXCPFgkQ" -i http://localhost:8000/hello/echo % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 25 100 25 0 0 178 0 --:--:-- --:--:-- --:--:-- 201HTTP/1.1 401 Unauthorized content-type: application/json Date: Fri, 16 Jun 2017 05:51:01 GMT Connection: keep-alive Content-Length: 25 {"error":"invalid_token"}
But when I try the same token after a couple of minutes, it seems to work.
$ curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJhcGlfcHJvZHVjdF9saXN0IjpbIkVkZ2VNaWNyb1Rlc3RQcm9kdWN0Il0sImF1ZGllbmNlIjoibWljcm9nYXRld2F5IiwianRpIjoiMjQ2MTQ4YTUtZDI2Yy00M2Q2LTk0YzAtNDM0MTY3ZDNlYzc2IiwiaXNzIjoiaHR0cHM6Ly9naXJpc2hnYWpyaWEtcHJvZC5hcGlnZWUubmV0L2VkZ2VtaWNyby1hdXRoL3Rva2VuIiwiYWNjZXNzX3Rva2VuIjoiU0VDQW1xblBmY0xOb3NKT0p2Wkc0NzNFcjMwaSIsImNsaWVudF9pZCI6IndyUUNRcTlvZERJZVdzRmtKTnFJTTVOcXJvSWtGUXlaIiwibmJmIjoxNDk3NTkyMzA2LCJpYXQiOjE0OTc1OTIzMDYsImFwcGxpY2F0aW9uX25hbWUiOiJiYjQ1MjI0Yy05MTk2LTRmY2EtODM5Ny1jNmVjNjJhYTkxN2QiLCJzY29wZXMiOlsiIl0sImV4cCI6MTQ5NzU5MjYwNn0.SiQUV_1IT0zvEsDmq8UcIzbTfuwc6UIxcuZpz7tSVijEOSmKjOb4h6D1LiJzBtmJkbEU3I7S5l92K0bYpVPDcklr_h2qnWquka4l88s0O704xNuuCtt0vHuySL_an1QUzAAirR8iBS5lXF62qhCro8Id_AEw7rNbOiO6rPiUKRwGs7yeHYBHfU5Z-eCkymOC6LMTHHKA2NLU5M47ViCujbxXNQlWAYkPhSw7WvUTn2HNj4YT2gVrzHbYttHqWMNWtpF3ZiDlbdbzRoNG067iwraJQNdy0cdstI134lwatx5fI4D3BYpsOswaW7cqpHKFYQ4XV06LOxmXuBZXCPFgkQ" -i http://localhost:8000/hello/echo % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 703 0 703 0 0 1024 0 --:--:-- --:--:-- --:--:-- 1047HTTP/1.1 200 OK access-control-allow-origin: * content-type: application/json; charset=utf-8 date: Fri, 16 Jun 2017 05:57:32 GMT etag: W/"2bf-EJujd42L5BmQgsq8DWlJGw" x-powered-by: Apigee x-response-time: 667 Connection: keep-alive Transfer-Encoding: chunked {"headers":{"host":"mocktarget.apigee.net","accept":"*/*","user-agent":"curl/7.45.0","via":"1.1 localhost","x-authorization-claims":"eyJhdWRpZW5jZSI6Im1pY3JvZ2F0ZXdheSIsImp0aSI6IjI0NjE0OGE1LWQyNmMtNDNkNi05NGMwLTQzNDE2N2QzZWM3NiIsImlzcyI6Imh0dHBzOi8vZ2lyaXNoZ2FqcmlhLXByb2QuYXBpZ2VlLm5ldC9lZGdlbWljcm8tYXV0aC90b2tlbiIsImFjY2Vzc190b2tlbiI6IlNFQ0FtcW5QZmNMTm9zSk9KdlpHNDczRXIzMGkiLCJuYmYiOjE0OTc1OTIzMDYsInNjb3BlcyI6WyIiXX0=","x-forwarded-host":"localhost:8000","x-request-id":"58c4bbd0-5257-11e7-82ac-1d5d6b2f5a14.832d8e50-5258-11e7-82ac-1d5d6b2f5a14","x-forwarded-for":"::1, 121.242.128.86","x-forwarded-port":"80","x-forwarded-proto":"http","connection":"keep-alive"},"method":"GET","url":"/","body":""}
Any ideas, on what is causing this delay? Is it due to my incorrect configuration? I can share my configuration files, if required. As can be surmised working off the sample provided in the docs.
Also on a related note, few more queries:
Thanks and really excited that Apigee is getting into this space. Keep up the great work.
Thanks,
Girish
Solved! Go to Solution.
@Girish Gajria, thank you, we appreciate it.
Regarding the "invalid_token" error - this only happens when the JWT verification fails. It is clear the token has not expired. My suspicion is the "nbf" claim (Not Before) in the JWT. It is possible your machine's clock is a little behind. But this is a place I would start with.
Responses to "few more queries":
Item #1: In the hybrid model, we want to strategy of centralized authoring, distributed enforcement. By defining the proxies in Edge, you are authoring them in a central location. Each distributed gateway reads the proxy configuration from the central location. In some places, like Cloud Foundry, these proxies are automatically provisioned for you when you bind route services.
Item #2: I didn't quite understand this question. The choice of exposing or not exposing microservices to the internet is yours. There are no technical restrictions one way or another.
Item #3: API Product and Developer App are necessary only if you use the OAuth plugin. If you disable the plugin, there is no need to create those entities.