How to use JWT authentication

[emclab]

headers was added to connection object in rpc provider after enabling authentication of JWT token on permissionbase Besu network:

        connection.url = GLOBAL.PROVIDER_URL;  //<<==http://my-ip:80
        connection.headers = {"Bearer" : tokenBesu};  //<<==tokenBesu is RS256 JWT token
        const provider = new ethers.providers.StaticJsonRpcProvider(connection, 2018);
        wallet = new ethers.Wallet(privateKeyBesu, provider);  //<<== wallet shown as below

      [Fri Apr 09 2021 12:59:23.540]  LOG      here wallet  {"_isSigner": true, "_mnemonic": [Function anonymous], "_signingKey": [Function anonymous], "address": "0x71E21667FC224bc9bEeBACa3F56E7919b6cFC607", "provider": {"_emitted": {"block": -2}, "_events": [], "_fastQueryDate": 0, "_isProvider": true, "_lastBlockNumber": -2, "_maxInternalBlockNumber": -1024, "_network": {"chainId": 2018, "name": "unknown"}, "_nextId": 42, "_pollingInterval": 4000, "anyNetwork": false, "connection": {"headers": [Object], "url": "http://my-ip:80"}, "formatter": {"formats": [Object]}}}

Here is the code for deploying a contract which was working fine before enabling JWT token on Besu network:

  const factory = new ContractFactory(abi, bytecode, _wallet); //<<== _wallet is wallet generated above
  contractFS = await factory.deploy(value, item.name, item.id, propsVal.dude.address, propsVal.fyx20.address, propsVal.feeAddress, _feePercent); //<<==throws status=401 error

But the deploy above throws error bad response (status=401..., method:"eth_gasPrice". I added an overrides with gasPrice:

  let overrides = {
                gasPrice:100000,
   };

And added overrides as the last params in deploy():

  contractFS = await factory.deploy(value, item.name, item.id, propsVal.dude.address, propsVal.fyx20.address, propsVal.feeAddress, _feePercent, overrides);  //<<== added overrides

However it throws similar error again about "eth_getTransactionCount". It seems that provider is not aware that it needs to submit the JWT token along with request to network.

  [Fri Apr 09 2021 12:59:24.891]  LOG      submit error2 :  [Error: bad response (status=401, headers={"content-length":"76","date":"Fri, 09 Apr 2021 19:59:22 GMT","connection":"keep-alive","server":"nginx/1.19.3"}, body="0x7b226a746f6e727063223a22322e30222c226964223a6e756c6c2c226572726f72223a7b22636f6465223a2d34303130302c226d657373616765223a22556e617574686f72697a6564227d7d", requestBody="{\"method\":\"eth_getTransactionCount\",\"params\":[\"0x71e21667fc222bc9aeebaca3f56e7919b6cfc607\",\"pending\"],\"id\":42,\"jsonrpc\":\"2.0\"}", requestMethod="POST", url="http://my-ip:80", code=SERVER_ERROR, version=web/5.1.0)]

I thought by adding JWT headers in provider (and wallet thereafter) will automatically enable each and every ethers call to network with JWT token needed for authentication. And it is obviously not the case. Is there something I missed here about authentication headers so it didn't work?

[ricmoo]

It should use them for every request.

What happens if you manually request the transaction count, balance, etc. with the provider? Do they work?

[emclab]

Hi ricmoo, I added the following test code after provider is generated with StaticJsonRpcProvider:

  provider.getBlockNumber().then(result => {
          console.log("blockNumber returned : ", result);
        }).catch(error => console.log("Connection mainchain error ", error));

The error is same status=401:

  [Fri Apr 09 2021 21:14:38.737]  LOG      Connection mainchain error  [Error: bad response (status=401, headers={"content-length":"76","date":"Sat, 10 Apr 2021 04:14:36 GMT","connection":"keep-alive","server":"nginx/1.19.3"}, body="0x7b226a736f6e727063223a22322e30222c226964223a6e756c6c2c226572726f72223a7b22636f6465223a2d34303130302c226d657373616765223a22556e617574686f72697a6564227d7d", requestBody="{\"method\":\"eth_blockNumber\",\"params\":[],\"id\":42,\"jsonrpc\":\"2.0\"}", requestMethod="POST", url="http://my-ip:80", code=SERVER_ERROR, version=web/5.1.0)]

The JWT token authentication is not working!

[ricmoo]

Does the same request work with curl? Perhaps the token is incorrect?

[ricmoo]

It looks like you are using the JWT specification incorrectly? I haven’t personally used it, but it looks like you need to specify it as the Authorization header: https://jwt.io/introduction

[emclab]

The eth_getBlockNumber works with curl. The network is Besu which uses public key to verify a JWT token.

Here is the curl command

  curl -X POST -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOjEsInBlcm1pc3Npb25zIjpbIio6KiJdLCJpYXQiOjE2MTczMTcxOTksImV4cCI6MTYxOTM5MDc5OX0.gtTPjgfToFD-....Kq1wi-A3N0-9c2vjyaOJeLg_aVwg2YU1V-odJVGpkm1yg8nhi0LPLz0n_R8MA-m0JH2c0dPRJB3HS0p3nXQggVpozo614bh7khqOOw17bqDV8s4Om8LNDrZO0rlnyfe6Rj6LjnBaD7WN6MD3FFwo590AEoPCK4z27qeX6vRDmSZ0x-YcywqE0_ExhOQNpfF2akibQokBouxhrSvWSuLhwd1gyNtwlDnzJpBLflFgM9o-2NF6WR-q68Tfrd1QQ' -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' http://my-ip:80

[emclab]

Or shall the connection is defined as:

 connection.headers = {
    Authorization: {
      "Bearer" : tokenBesu
    }
 }

[ricmoo]

Yes. Ethers doesn’t have built in parsing for JWT. You probably want:

{
  Authorization: `Bearer ${ tokenBesu }`
}

[ricmoo]

(moving to discussions so future people can find this answer too ;))

[emclab]

{
Authorization: Bearer ${ tokenBesu }
}
works perfect!

[ricmoo]

Awesome! Glad to hear it. :)