Using REST API with JWT_TOKEN

Hello everyone!

Trying to figure out how to use lora_app_serv API. Need a helping hand…
What I’ve done:

  1. Generated and set JWT_SECRET in /etc/default/lora-app-server as follows (deleted ‘=’ symbol at the end of the line, it’s ok?):

JWT secret used for api authentication / authorization
You could generate this by executing ‘openssl rand -base64 32’ for example
JWT_SECRET=I1NtY21SMC1X4+lfjbfupgc3+tgqMao2SXICGuPq9JI

  1. Claimed new JWT using https://jwt.io/ with the following payload:

{
“iss”: “lora-app-server”,
“aud”: “lora-app-server”,
“nbf”: 1508748150,
“exp”: 1600000000,
“sub”: “admin”,
“username”: “admin”
}

and with mentioned above SECRET.

So I got encoded JWT TOKEN, something like this:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJsb3JhLWFwcC1zZXJ2ZXIiLCJhdWQiOiJsb3JhLWFwcC1zZXJ2ZXIiLCJuYmYiOjE1MDg3NDgxNTAsImV4cCI6MTYwMDAwMDAwMCwic3ViIjoiYWRtaW4iLCJ1c2VybmFtZSI6ImFkbWluIn0.klWiqVwZg2BzHLgNPKTokci3aEG1HSttK1ro37VRxRI

What I’ try to do:
I open the web-page at, for example, https://localhost:8080/api#!/Application/List and paste the TOKEN at the top right corner of the form (where it has to be). Next I open any form (let’s say it is something like
get /api/applications) enter required info at the fields and push Try it out button. And I get this error:

{
“error”: “authentication failed: jwt parse error: signature is invalid”,
“code”: 16
}

What I’m doing wrong? It says that signature is invalid. I’m new to this so don’t kick hard))

Please use sub: user instead of admin as you try to authenticate an user :slight_smile: However, that is not this issue.

When I try to validate your JWT token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJsb3JhLWFwcC1zZXJ2ZXIiLCJhdWQiOiJsb3JhLWFwcC1zZXJ2ZXIiLCJuYmYiOjE1MDg3NDgxNTAsImV4cCI6MTYwMDAwMDAwMCwic3ViIjoiYWRtaW4iLCJ1c2VybmFtZSI6ImFkbWluIn0.klWiqVwZg2BzHLgNPKTokci3aEG1HSttK1ro37VRxRI

With secret:

I1NtY21SMC1X4+lfjbfupgc3+tgqMao2SXICGuPq9JI

At jwt.io, it also says invalid signature. Probably the issue is that you ticked the “secret is base64 encoded” box. In this case your secret is base64 encoded, but basically every string can be used. The openssl example is just an example to get a random string (which happens to be base64).

Re-generate the JWT token without this box checked and I think it should work :slight_smile:

1 Like

Thank you Orne!
Now it works. The right sequence is to put secret first in form and then put payload. The form seems to be processing the payload using secret. You can not encode something with no secret sat)

I made everything as you described. And as a result too majority. I can be not incorrect that I insert it. You could not generate to me JWT and the hint it, where to insert that it will just be convinced that REST works

Hey! Try this one:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJsb3JhLWFwcC1zZXJ2ZXIiLCJhdWQiOiJsb3JhLWFwcC1zZXJ2ZXIiLCJuYmYiOjE0ODk1NjY5NTgsImV4cCI6MTUxNDc2NDgwMCwic3ViIjoidXNlciIsInVzZXJuYW1lIjoiYWRtaW4ifQ.eC7uVLyWBXjj0WiUVk2MPStFCgVlVUgOfl1nA8zQm0A

Thank you. It’s work

Hello everyone, I apologize for bumping the thread after three years. This is my first post here and so far I have been able to get the server up and running, added a gateway, two devices, had successful data movement and I was even able to integrate the application server with Influxdb and visualise it with Grafana. However I was trying to work with the HTTP API integration, and failed. Here are further details:
In the api page, I obtained the JWT Token from internal login and verified the key using jwt.io. I then entered the JWT key and reloaded the page. When I went to the device eui section, I did not get a dropdown with the list of device EUIs. When I entered the device EUI manually, it threw the following error:

{
“error”: “authentication failed: get token from context error: no authorization-data in metadata”,
“code”: 16,
“message”: “authentication failed: get token from context error: no authorization-data in metadata”,
“details”: []
}

I looked at another post which was redirected to this post regarding the same issue. All the posts seem to have been a JWT configuration issue. However I don’t think I have those issues and so I had to bring this topic back up. I am new to APIs, never have worked with them before so I hope I get some advice on this.

{
“content-length”: “220”,
“content-type”: “application/json”,
“date”: “Thu, 08 Oct 2020 [09:10:48]GMT”,
“grpc-metadata-content-type”: “application/grpc”,
“grpc-metadata-ctx-id”: “id”, (I replaced the id here)
“grpc-metadata-trailer”: “Grpc-Status, Grpc-Message, Grpc-Status-Details-Bin”
}

This is the response header.

Thanks in advance! :smiley:
Vish

Hello everyone, I was able to solve it, but it only works on Firefox and does not work on both Chrome and Edge. Is there any particular reason for this? And is there any workaround? Will this issue also persist if say one day I want to make an App and call data from the server using the API?

Vish

hi guys,

i am trying to get the chirpstack-fuota-server talking to the application-server but i dont really understand what i have to do.
I generated an API-Key through the webinterface of my application-server and thought that this key is my token^^^ Unfortunately i don’t know how to go on with JWT because i have no idea how my payload should look like to generate a valid token

Here the Error of /examples/class_c/main.go:

INFO[0014] storage: deployment device created

WARN[0014] [transport] transport: http2Server.HandleStreams failed to read frame: read tcp 127.0.0.1:8070->127.0.0.1:46638: read: connection reset by peer
error=“rpc error: code = Unauthenticated desc = authentication failed: jwt parse error: signature is invalid” grpc.code=Unauthenticated grpc.method=Get grpc.service=api.ApplicationService grpc.time_ms=8.858 span.kind=client system=grpc
ERRO[0014] api: fuota deployment error deployment_id=e52c4928-b7d8-4781-844d-728da71b0a22 error=“get application error: rpc error: code = Unauthenticated desc = authentication failed: jwt parse error: signature is invalid”

Hi Guys,
sorry for jumping into this thread but am having the same of authenicating via API call using the jwt_secret in the toml file of the lora-app-server.

I generate the JWT token based on the secret in code and also using jwt.io (both result the same token string) but when I goto call any of the apis I get:
{
“error”: “authentication failed: not authorized”,
“code”: 16,
“message”: “authentication failed: not authorized”,
“details”: []
}

My date packet passed to jwt is
{
“aud”: “lora-app-server”,
“iss”: “lora-app-server”,
“sub”: “user”,
“username”: “gary@heatboss.co.uk
}

and the secret is the same as what is in the toml file. The user exist and I can login using this with standard password on the UI.

Can someone please tell me what I need to do to get the API calls working as I have a code base that needs to call into the Chirpstack app server apis.

Thanks
Gary

You can create an Org API key in app server.
Then use that API key instead.