Jwt authentication with helm


#1

Hello,

We have a realm server running in our dev environment. It has been launched using the howto on the official site. We designed our application to use JWT authentication provider and all tests in our LAB work fine. Now we are at the next stage - prepare production environment. We deployed a Kubernetes cluster in Google cloud and we deployed Realm following the helm instructions on the official site. However the JWT does not work by default - the authenticator should be enabled. I tried enabling it using the values.yml file, but we still receive an error:

error NSError domain: “io.realm.sync.auth” - code: 601 0x000000010437d580
Your request parameters did not validate. provider: Invalid parameter ‘provider’!;

We were not able to find any examples with JWT running in Kube. The help topics using “ros init” do not work, because the folders generated by init are already there.

We are out of ideas and we really hope that someone has experience with a similar setup.

My helm chart:

sync:
  featureToken: ey…
  service:
    type: LoadBalancer
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
  coreServices:
    config:
      SyncProxyService: {}
      RealmDirectoryService: {}
      AuthService:
        enableRuntimeConfiguration: true
        defaultProviders:
          - name: password
            type: PasswordAuthProvider
            config:
              autoCreateAdminUser: true
          - name: jwt
            type: JwtAuthProvider
            config:
              publicKey: |-
                -----BEGIN PUBLIC KEY-----
                …
                -----END PUBLIC KEY-----
      LogService: {}
      HealthService: {}
      WelcomeService: {}
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
prometheus:
  enabled: true
grafana:
  enabled: true
  service:
    type: NodePort
    port: 30081


#2

Can you try to connect to your instance with Studio, then open the __configuration Realm (if you don’t see it, go to View -> Show system Realms). Then click on Create AuthProviderConfig (top right) and pass in the following settings:

  • name: jwt
  • type: JwtAuthProvider
  • config: {"providerName":"jwt","publicKey":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3HHkQWfIaNk1wOU10byB\n6KOnPXZtqpeBuCF+Gf+BqkA23TIAEfRwcfPX4KyMWr4QHbyhtZohdEjDHosN+Jwx\noSfmtfqfEBBO1Te6ELLR08JQdLg9VUwo/AwGFDgb5pCoxZ3klS9x3A34XnerHmew\ny145ksfztJhYKU7XkEwlMJ+Z04n6POnqhM+YqJxV9IW3TjGFyTOGz7cFH2FqVNft\nyDNuWcyYV6tpLXMdW9PKtKV2b6NMHkqAAEr3u/TkZc6fbi8FFhnGl3Aq7nRRwybK\no1men03bubwYHAj6Jl71x4M8zhb/8wT5aOousD2dWfEX5wcKBeb2gIbXQWbd/KY6\n1Ns4Mza1jF7MaODUX7Ei/frvqNBdaSVnIQLM0VpaSS5ClQBmJZ1lzWLndWgjTGH+\nlbjzxS9IFY/NW+F/BxPSC0m0HpNt4q9yLVK+H34IiSeHG1W9JkyhNnylW87gfAVv\nwWTkGgASU77+l5AT1+Ncfizm3lMP1L2AXLOjHhUh9GQ5kixvUDjRAzrNMgyG8+qU\neo6oWiZbgyvIyRU5jAdgB+ZP3f7Kp7UKPajyKr+uF+M1jPrkU3gMuJBiyilqkUOk\nnTY3oJLRkPRK8PxCo+Ph/Cg2DkIsWwOlOOmBBOKyb/pqUvQCzZQiWeArEh8fkL9Z\nclI5qQGCg/xtwnkPzHCDGVsCAwEAAQ==\n-----END PUBLIC KEY-----"}
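
The config value in the reply above is a PEM public key collapsed into one JSON string with `\n` escapes. The following is an added example, not code from the thread or from Realm: it builds that string from a PEM block and refuses anything that is not a public key. The function name and the sample key are constructed for illustration; the `providerName` and `publicKey` field names are taken from the reply.

```python
import base64
import json
import re

# One PEM block: BEGIN label, base64 body, matching END label.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s+([A-Za-z0-9+/=\s]+?)\s*-----END \1-----")


def build_jwt_provider_config(pem_text, provider_name="jwt"):
    """Return the single-line JSON for the provider's 'config' field."""
    # Normalise CRLF/CR so stray carriage returns never reach the stored key.
    text = pem_text.replace("\r\n", "\n").replace("\r", "\n").strip()
    match = PEM_RE.fullmatch(text)
    if not match:
        raise ValueError("expected exactly one well-formed PEM block")
    label, body = match.groups()
    if "PRIVATE" in label:
        raise ValueError("private key supplied; only the public key belongs here")
    if label != "PUBLIC KEY":
        raise ValueError(f"unexpected PEM label: {label}")
    # validate=True rejects non-base64 characters and bad padding.
    der = base64.b64decode("".join(body.split()), validate=True)
    if der[:1] != b"\x30":  # DER SubjectPublicKeyInfo starts with a SEQUENCE tag
        raise ValueError("decoded body is not a DER SEQUENCE")
    # Re-wrap at 64 characters so the stored key has a canonical layout.
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join(["-----BEGIN PUBLIC KEY-----", *lines,
                     "-----END PUBLIC KEY-----"])
    # json.dumps escapes each newline as \n, giving one pasteable line.
    return json.dumps({"providerName": provider_name, "publicKey": pem},
                      separators=(",", ":"))


# Constructed sample: filler bytes behind a SEQUENCE header, NOT a usable key,
# wrapped with CRLF line endings as a file edited on Windows might be.
SAMPLE_DER = b"\x30\x82\x01\x22" + bytes(range(256)) + bytes(34)
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\r\n"
              + "\r\n".join(SAMPLE_B64[i:i + 64]
                            for i in range(0, len(SAMPLE_B64), 64))
              + "\r\n-----END PUBLIC KEY-----\r\n")

if __name__ == "__main__":
    print(build_jwt_provider_config(SAMPLE_PEM))
```
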