JWT Based Auth

carla.lmeida · August 28, 2019, 1:46pm

Hi everyone! I’m having some trouble trying to figure out how to use JWT based authentication and I was hoping someone could point me to the right direction

Documentation states that "Requests to the server need to contain a valid JWT token in the Authorization header that is signed using this secret and the HS256 algorithm.

The user must have username and role attributes. If the role is admin, all endpoints are accessible. If the role is user, endpoints with a sender_id parameter are only accessible if the sender_id matches the user’s username."

I was wondering how is it possible to assign to user an username and role attributes? Another question is what could be going wrong in my request (jwtToken is matching --jwt-secret in rasa run command):

curl -X POST \
  http://localhost:5002/conversations/default/execute \
  -H 'Authorization: Bearer jwtToken' \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "utter_ajuda"
}'

{
    "version": "1.2.5",
    "status": "failure",
    "message": "User is not authenticated.",
    "reason": "NotAuthenticated",
    "details": {},
    "help": "https://rasa.com/docs/rasa/user-guide/running-the-server/#security-considerations",
    "code": 401
}

A bit new to this, hope someone can help! Thanks a lot in advance

ricwo · August 30, 2019, 3:56pm

Hi @carla.lmeida, thanks for your question. As you pointed out correctly, you need to attach an Authorization header with a signed JWT to your request. The payload of that JWT needs to be a dictionary with a user field, containing a dictionary with username and role fields. Here’s one way of achieving this in python:

import jwt 

payload = {"user": {"username": "user123", "role": "admin"}}
signed = jwt.encode(payload, "secret", algorithm='HS256')

now if you want to send off the request in python, your auth header would be

header = {"Authorization": "Bearer {}".format(signed)}

or if not you may take the string signed and build a header for your curl command:

-H 'Authorization: Bearer <signed>'

I hope that helps!

dwanzil · June 9, 2020, 6:21am

@ricwo In my case I am using socket.io in angular to connect with rasa by specifying user_uttered and bot_uttered. Its working perfectly fine and im able to communicate with the server without any hassles. I want to JWT based authentication for some actions. How can i pass jwt token from the angular file itself. The documentation is not detailed. There mus be a step by step guide for achieving that too.

pudasainishushant · March 22, 2021, 12:11pm

hello, could you please guide me how you implemented JWT authentication on rasa server. I ran my chatbot using rasa run
-m models
–enable-api
–log-file out.log
–jwt-secret thisismysecret

Still I am able to request the server without providing any jwt token while hitting the chatbot API. Thanks in advance

webdev-rohit · February 4, 2022, 2:17pm

Hey @dwanzil I want to know the same. Can you help me with this if you’ve already done it…

Topic		Replies	Views
How to give acces for users other than admin to localhost:5005/model/parse Rasa Open Source	2	798	April 2, 2020
Rest Api Jwt Authentication Rasa Open Source	0	338	August 9, 2022
Passing auth token in POST request in payload does not work Rasa Open Source	3	1198	September 25, 2019
How can i create jwt token for access to /chat endpoint? [Deprecated] Rasa X Community Edition rasa	2	2902	June 11, 2019
Secure communications between rasa core and custom action server Rasa Open Source	0	444	March 3, 2021

JWT Based Auth

Related Topics