Internal Server Error when calling Rasa Core API with JWT

I set up the Rasa X with docker on AWS ubuntu instance, when I try to call Rasa core API with Postman, it failed with the following 500 message.

image2250×1058 151 KB

following is the error log:

image882×325 13.9 KB

the way I generate the JWT token is send a POST request with my credential to {{rasa_url}}/api/auth and get the access_token, I tested the access_token with other RASA-X API (e.g. {{rasa_url}}/api/chatToken) it works fine.

I then ran {{rasa_url}}/core/version to test RASA API, it also works fine.

But when I pass in the same JWT token to {{rasa_url}}/core/model/parse, it failed.

Following is my rasa and rasa-x version:

{ “rasa”: { “production”: “1.10.6”, “worker”: “1.10.6” }, “rasa-x”: “0.30.1”, “keys”: [ { “alg”: “RS256”, “key”: “-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9C7x8lsDPO+dTkxPEarc\nKql7xgxU2X1h8Q5MJT/NDAfhxjAE4YBp76pyntmAu4PgR8nZH4uPoMV6AnBHBGcA\nvnwA7RRU4hOEm9rLuvfe3Zvjlg5zbNgH1INuu8ONxnshTvO9muv5aOS+DYVWMw00\niOdDxajJXksE/TerJmCNvYp2WN2q0DWjBO+O3rC+/B4U5RRPIy9XRLwoMfnVXq1c\nZ8WIBT0Lzw2U87+f05CfR9q3hp0T8a+B8EPoXhNFqgqmq3ErYfC90A743jRU3V7S\nUZdyC0kSBvj2jXpsm+CUfR1fdTiPDM+mPkytihEWQ4pIs/Hmqsm3bLkqqwImT3/v\n8wIDAQAB\n-----END PUBLIC KEY-----\n” } ] }

I got a feeling that rasa-x is using RS256 to encode JWT where rasa is using HS256 to decode, if so, how can I change my setting?

Can anyone please help, thank you.

Hi @ricky the Rasa Core API needs to be called with the RASA_TOKEN, which you can find in the environment variables in your Rasa X deployment. The url to call would then be {{rasa_url}}/core/mode/parse?token=${RASA_TOKEN}

Hi @Akelad, thank you for the solution and it works. however, is it possible to have the RASA token in the header or body instead of query params for security reason? e.g. url will be logged.

thank you.

Thanks for the suggestion, we added this as to a security improvement issue on our side