Hi,

I was trying to set up JWT verification using the JWKS method with an OAuth 2.0 server as the authentication server.
So the frontend app receives a JWT token from the OAuth server and then uses this JWT token to get verified by Vault (with Vault set up using the JWKS method).
It seems to work, as I can use the JWT token to log in. However, I am not able to query the actual key-value pair inside Vault, as it throws the "permission denied" error.

Here is my policy setup:

```
vault policy read mysecret-testing
Policy name: mysecret-testing
path "secret/test/*" {
  capabilities = [ "read", "update", "patch", "delete", "list", "create" ]
}
```

Here is my role setup:

```
vault write auth/jwt/role/demo - <<EOF
{
  "role_type": "jwt",
  "bound_audiences": "dgc",
  "policies": ["mysecret-testing"],
  "token_explicit_max_ttl": 7200,
  "user_claim": "sub",
  "bound_claims": {
    "env": "00000000-0000-0000-0000-000000000001"
  }
}
EOF
```

Now here is the result showing the verification of the JWT token:

```
vault write auth/jwt/login role=demo jwt="JWT_TOKEN"
WARNING! The following warnings were returned from Vault:

  * TTL of "768h" exceeded the effective max_ttl of "2h"; TTL value is capped accordingly

Key                  Value
token                "sometoken"
token_accessor       "someaccessor"
token_duration       2h
token_renewable      true
token_policies       ["default" "mysecret-testing"]
identity_policies    []
policies             ["default" "mysecret-testing"]
token_meta_role      demo
```

So I know the JWKS part works. Now when I try to query the actual secret, it returns the permission denied error:

```
vault kv get -field=secret secret/test/00000000-0000-0000-0000-000000000001
Error making API request.

URL: GET http://localhost:9280/v1/sys/internal/ui/mounts/secret/test/00000000-0000-0000-0000-000000000001
Code: 403. Errors:
```

These are the expected results using the regular built-in Vault token access without OAuth authentication:

```
vault kv get -field=secret secret/test/00000000-0000-0000-0000-000000000001
newsecret
```

Please kindly suggest how to resolve this issue.

Thanks
wood
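A point worth checking when a JWT-issued token logs in fine but `vault kv get` returns 403: Vault policies are matched against the HTTP API path, not the CLI path. On a KV version 2 mount, `vault kv get secret/test/<id>` actually reads `secret/data/test/<id>` (and `vault kv list` uses `secret/metadata/test/`), so a policy on `secret/test/*` only covers a KV version 1 mount. The `kv` subcommands also preflight `sys/internal/ui/mounts/<path>` to learn the mount version, which is the URL shown in the 403 above. The script below is an added example, not Vault's code and not from this issue's author: it is a simplified model of Vault's ACL path matching (trailing `*` glob, `+` single-segment wildcard, most specific rule wins, `deny` overrides) used to show which API paths the policy posted above actually grants, beside a KV version 2 variant. The policy text for `mysecret-testing` is the one from this issue; the `KV2_POLICY`, the helper names, and the simplified precedence rules are my assumptions.

```python
"""Simplified model of Vault ACL path matching (added example, not Vault's code).

Assumed, simplified semantics:
  - a rule path ending in '*' is a glob: it matches any request path with that prefix;
  - a '+' segment matches exactly one path segment;
  - among matching rules the most specific wins: a non-glob rule beats a glob,
    and a glob with a longer literal prefix beats a shorter one;
  - a 'deny' capability in the winning rule denies every operation.
Real Vault has additional priority rules; this is enough to reason about path coverage.
"""
import re

# Policy as posted in the issue (only the path/capabilities block is parsed).
ISSUE_POLICY = '''
path "secret/test/*" {
capabilities = [ "read", "update", "patch", "delete", "list", "create" ]
}
'''

# Assumed KV v2 variant: the API paths the CLI really uses on a v2 mount.
KV2_POLICY = '''
path "secret/data/test/*" {
  capabilities = [ "create", "read", "update", "patch", "delete" ]
}
path "secret/metadata/test/*" {
  capabilities = [ "list", "read", "delete" ]
}
'''

SECRET_ID = "00000000-0000-0000-0000-000000000001"  # value from the issue


def parse_policy(hcl: str) -> dict:
    """Minimal constructed parser: returns {rule_path: set(capabilities)}."""
    rules = {}
    block = r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}'
    for m in re.finditer(block, hcl):
        rules[m.group(1)] = set(re.findall(r'"([^"]+)"', m.group(2)))
    return rules


def _to_regex(rule_path: str) -> str:
    """Translate a rule path into a regex: '+' -> one segment, trailing '*' -> anything."""
    is_glob = rule_path.endswith("*")
    body = rule_path[:-1] if is_glob else rule_path
    segs = ("[^/]+" if seg == "+" else re.escape(seg) for seg in body.split("/"))
    return "/".join(segs) + (".*" if is_glob else "")


def capabilities(rules: dict, request_path: str) -> set:
    """Capabilities of the most specific matching rule, or an empty set."""
    best, best_key = set(), None
    for rule_path, caps in rules.items():
        if re.fullmatch(_to_regex(rule_path), request_path):
            # (exact rule beats glob, then longer literal prefix wins)
            key = (not rule_path.endswith("*"), len(rule_path.rstrip("*")))
            if best_key is None or key > best_key:
                best, best_key = caps, key
    return best


def allowed(rules: dict, request_path: str, capability: str) -> bool:
    caps = capabilities(rules, request_path)
    return "deny" not in caps and capability in caps


def check_kv_paths(policy_hcl: str, secret_id: str) -> dict:
    """Does the policy cover the KV v1 path and the KV v2 data/metadata API paths?"""
    rules = parse_policy(policy_hcl)
    return {
        "kv_v1_read": allowed(rules, f"secret/test/{secret_id}", "read"),
        "kv_v2_read": allowed(rules, f"secret/data/test/{secret_id}", "read"),
        "kv_v2_list": allowed(rules, "secret/metadata/test/", "list"),
    }


if __name__ == "__main__":
    for name, policy in (("issue policy", ISSUE_POLICY), ("kv v2 policy", KV2_POLICY)):
        print(name, check_kv_paths(policy, SECRET_ID))
```

Against a live server the equivalent check is `vault token capabilities <token> secret/data/test/<id>` (and `vault secrets list -detailed` to confirm whether `secret/` is a version 2 mount); comparing the JWT-issued token's capabilities on the `data/` path with those of the root-style token that succeeds above will show whether the policy path, rather than the JWT auth itself, is what differs.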