Permission Denied for login API while using JWT

Hi all,
I did set up ‘jwt’ auth method for my consul data center. The following is the payload I have used while setting up auth method.

 "Name": "my-jwt-auth-method",
 "Type": "jwt",
 "Description": "my jwt based auth method",
   "BoundIssuer": "corp-issuer",
  "JWTValidationPubKeys": [<my public key>]

The auth method setup was successful.

Later, I have framed the request payload as followed for “/acl/login” API

  "AuthMethod": "my-jwt-auth-method",
  "BearerToken":  "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21la2V5Ijoic29tZXZhbHVlIiwiaXNzIjoiY29ycC1pc3N1ZXIiLCJpYXQiOjE2ODc5MjgwNzd9.<signedpart>"

The header in JWT token is {“alg”: “RS256”, “typ”: “JWT”}
The payload for JWT token I used is
“somekey”: “somevalue”,
“iat”: 1687928077,
“iss”: “corp-issuer”
I am sure my token is signed properly using the private key associated with the public key I used as part of setting up auth method. I have checked both by passing acl Bootstrap token as part of Header and by not passing acl bootstrap token as part of header. I am getting permission denied.

May I know what is the reason?
Thank you!

Hi @murali.naru158,

Have you correspondingly set up an ACL binding rule to match on the claims in the JWT and map that to a Consul ACL policy?

Hi @blake Many thanks for your response.
Yeah… I realised my mistake 2-3 days back.
1.I did not setup role and associate it with the binding rule.
2. Also I did not specify the ClaimMappings while setting up JWT auth method.
When I corrected these two , I was able to overcome the issue.

1 Like