Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.

There is a delay between generating a edgemicro token and using it.

I configured the edgemicro and configured my API product and Developer App. I am also able to generate my access token.

$ ./node_modules/edgemicro/cli/edgemicro token get -o *** -e prod -i *** -s ***
current nodejs version is v5.0.0
current edgemicro version is 2.4.6
{ token: 'eyJhbGciOiJSUzI1NiJ9.eyJhcGlfcHJvZHVjdF9saXN0IjpbIkVkZ2VNaWNyb1Rlc3RQcm9kdWN0Il0sImF1ZGllbmNlIjoibWljcm9nYXRld2F5IiwianRpIjoiMjQ2MTQ4YTUtZDI2Yy00M2Q2LTk0YzAtNDM0MTY3ZDNlYzc2IiwiaXNzIjoiaHR0cHM6Ly9naXJpc2hnYWpyaWEtcHJvZC5hcGlnZWUubmV0L2VkZ2VtaWNyby1hdXRoL3Rva2VuIiwiYWNjZXNzX3Rva2VuIjoiU0VDQW1xblBmY0xOb3NKT0p2Wkc0NzNFcjMwaSIsImNsaWVudF9pZCI6IndyUUNRcTlvZERJZVdzRmtKTnFJTTVOcXJvSWtGUXlaIiwibmJmIjoxNDk3NTkyMzA2LCJpYXQiOjE0OTc1OTIzMDYsImFwcGxpY2F0aW9uX25hbWUiOiJiYjQ1MjI0Yy05MTk2LTRmY2EtODM5Ny1jNmVjNjJhYTkxN2QiLCJzY29wZXMiOlsiIl0sImV4cCI6MTQ5NzU5MjYwNn0.SiQUV_1IT0zvEsDmq8UcIzbTfuwc6UIxcuZpz7tSVijEOSmKjOb4h6D1LiJzBtmJkbEU3I7S5l92K0bYpVPDcklr_h2qnWquka4l88s0O704xNuuCtt0vHuySL_an1QUzAAirR8iBS5lXF62qhCro8Id_AEw7rNbOiO6rPiUKRwGs7yeHYBHfU5Z-eCkymOC6LMTHHKA2NLU5M47ViCujbxXNQlWAYkPhSw7WvUTn2HNj4YT2gVrzHbYttHqWMNWtpF3ZiDlbdbzRoNG067iwraJQNdy0cdstI134lwatx5fI4D3BYpsOswaW7cqpHKFYQ4XV06LOxmXuBZXCPFgkQ' }

When I try to use this token immediately, I get the below error:

$ curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJhcGlfcHJvZHVjdF9saXN0IjpbIkVkZ2VNaWNyb1Rlc3RQcm9kdWN0Il0sImF1ZGllbmNlIjoibWljcm9nYXRld2F5IiwianRpIjoiMjQ2MTQ4YTUtZDI2Yy00M2Q2LTk0YzAtNDM0MTY3ZDNlYzc2IiwiaXNzIjoiaHR0cHM6Ly9naXJpc2hnYWpyaWEtcHJvZC5hcGlnZWUubmV0L2VkZ2VtaWNyby1hdXRoL3Rva2VuIiwiYWNjZXNzX3Rva2VuIjoiU0VDQW1xblBmY0xOb3NKT0p2Wkc0NzNFcjMwaSIsImNsaWVudF9pZCI6IndyUUNRcTlvZERJZVdzRmtKTnFJTTVOcXJvSWtGUXlaIiwibmJmIjoxNDk3NTkyMzA2LCJpYXQiOjE0OTc1OTIzMDYsImFwcGxpY2F0aW9uX25hbWUiOiJiYjQ1MjI0Yy05MTk2LTRmY2EtODM5Ny1jNmVjNjJhYTkxN2QiLCJzY29wZXMiOlsiIl0sImV4cCI6MTQ5NzU5MjYwNn0.SiQUV_1IT0zvEsDmq8UcIzbTfuwc6UIxcuZpz7tSVijEOSmKjOb4h6D1LiJzBtmJkbEU3I7S5l92K0bYpVPDcklr_h2qnWquka4l88s0O704xNuuCtt0vHuySL_an1QUzAAirR8iBS5lXF62qhCro8Id_AEw7rNbOiO6rPiUKRwGs7yeHYBHfU5Z-eCkymOC6LMTHHKA2NLU5M47ViCujbxXNQlWAYkPhSw7WvUTn2HNj4YT2gVrzHbYttHqWMNWtpF3ZiDlbdbzRoNG067iwraJQNdy0cdstI134lwatx5fI4D3BYpsOswaW7cqpHKFYQ4XV06LOxmXuBZXCPFgkQ"  -i http://localhost:8000/hello/echo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    25  100    25    0     0    178      0 --:--:-- --:--:-- --:--:--   201HTTP/1.1 401 Unauthorized
content-type: application/json
Date: Fri, 16 Jun 2017 05:51:01 GMT
Connection: keep-alive
Content-Length: 25


{"error":"invalid_token"}

But when I try the same token after a couple of minutes, it seems to work.

$ curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJhcGlfcHJvZHVjdF9saXN0IjpbIkVkZ2VNaWNyb1Rlc3RQcm9kdWN0Il0sImF1ZGllbmNlIjoibWljcm9nYXRld2F5IiwianRpIjoiMjQ2MTQ4YTUtZDI2Yy00M2Q2LTk0YzAtNDM0MTY3ZDNlYzc2IiwiaXNzIjoiaHR0cHM6Ly9naXJpc2hnYWpyaWEtcHJvZC5hcGlnZWUubmV0L2VkZ2VtaWNyby1hdXRoL3Rva2VuIiwiYWNjZXNzX3Rva2VuIjoiU0VDQW1xblBmY0xOb3NKT0p2Wkc0NzNFcjMwaSIsImNsaWVudF9pZCI6IndyUUNRcTlvZERJZVdzRmtKTnFJTTVOcXJvSWtGUXlaIiwibmJmIjoxNDk3NTkyMzA2LCJpYXQiOjE0OTc1OTIzMDYsImFwcGxpY2F0aW9uX25hbWUiOiJiYjQ1MjI0Yy05MTk2LTRmY2EtODM5Ny1jNmVjNjJhYTkxN2QiLCJzY29wZXMiOlsiIl0sImV4cCI6MTQ5NzU5MjYwNn0.SiQUV_1IT0zvEsDmq8UcIzbTfuwc6UIxcuZpz7tSVijEOSmKjOb4h6D1LiJzBtmJkbEU3I7S5l92K0bYpVPDcklr_h2qnWquka4l88s0O704xNuuCtt0vHuySL_an1QUzAAirR8iBS5lXF62qhCro8Id_AEw7rNbOiO6rPiUKRwGs7yeHYBHfU5Z-eCkymOC6LMTHHKA2NLU5M47ViCujbxXNQlWAYkPhSw7WvUTn2HNj4YT2gVrzHbYttHqWMNWtpF3ZiDlbdbzRoNG067iwraJQNdy0cdstI134lwatx5fI4D3BYpsOswaW7cqpHKFYQ4XV06LOxmXuBZXCPFgkQ" -i http://localhost:8000/hello/echo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   703    0   703    0     0   1024      0 --:--:-- --:--:-- --:--:--  1047HTTP/1.1 200 OK
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Fri, 16 Jun 2017 05:57:32 GMT
etag: W/"2bf-EJujd42L5BmQgsq8DWlJGw"
x-powered-by: Apigee
x-response-time: 667
Connection: keep-alive
Transfer-Encoding: chunked


{"headers":{"host":"mocktarget.apigee.net","accept":"*/*","user-agent":"curl/7.45.0","via":"1.1 localhost","x-authorization-claims":"eyJhdWRpZW5jZSI6Im1pY3JvZ2F0ZXdheSIsImp0aSI6IjI0NjE0OGE1LWQyNmMtNDNkNi05NGMwLTQzNDE2N2QzZWM3NiIsImlzcyI6Imh0dHBzOi8vZ2lyaXNoZ2FqcmlhLXByb2QuYXBpZ2VlLm5ldC9lZGdlbWljcm8tYXV0aC90b2tlbiIsImFjY2Vzc190b2tlbiI6IlNFQ0FtcW5QZmNMTm9zSk9KdlpHNDczRXIzMGkiLCJuYmYiOjE0OTc1OTIzMDYsInNjb3BlcyI6WyIiXX0=","x-forwarded-host":"localhost:8000","x-request-id":"58c4bbd0-5257-11e7-82ac-1d5d6b2f5a14.832d8e50-5258-11e7-82ac-1d5d6b2f5a14","x-forwarded-for":"::1, 121.242.128.86","x-forwarded-port":"80","x-forwarded-proto":"http","connection":"keep-alive"},"method":"GET","url":"/","body":""}

Any ideas, on what is causing this delay? Is it due to my incorrect configuration? I can share my configuration files, if required. As can be surmised working off the sample provided in the docs.

Also on a related note, few more queries:

  • Assuming that the run-time micro-service traffic does not flow through the Edge run-time correct? If this is the case, why do we need to configure the micro-service on the edgemicro_* proxy?
  • Can I configure a micro-service against Apigee Edge public cloud, where the micro-service operates within the intranet only? Or should the micro-service be open to the internet?
  • Is the API product & Developer App necessary? Can I have a "naked" micro-service?

Thanks and really excited that Apigee is getting into this space. Keep up the great work.

Thanks,

Girish

Solved Solved
0 3 447
1 ACCEPTED SOLUTION

Former Community Member
Not applicable

@Girish Gajria, thank you, we appreciate it.

Regarding the "invalid_token" error - this only happens when the JWT verification fails. It is clear the token has not expired. My suspicion is the "nbf" claim (Not Before) in the JWT. It is possible your machine's clock is a little behind. But this is a place I would start with.

Responses to "few more queries":

Item #1: In the hybrid model, we want to strategy of centralized authoring, distributed enforcement. By defining the proxies in Edge, you are authoring them in a central location. Each distributed gateway reads the proxy configuration from the central location. In some places, like Cloud Foundry, these proxies are automatically provisioned for you when you bind route services.

Item #2: I didn't quite understand this question. The choice of exposing or not exposing microservices to the internet is yours. There are no technical restrictions one way or another.

Item #3: API Product and Developer App are necessary only if you use the OAuth plugin. If you disable the plugin, there is no need to create those entities.

View solution in original post

3 REPLIES 3
Top Solution Authors