feat(jwt-auth): store JWT in the request context #11675

Merged
merged 13 commits into from
Mar 5, 2025

Conversation

mikyll
Contributor

@mikyll mikyll commented Oct 23, 2024

Description

The changes introduce a new parameter to the jwt-auth plugin's route schema: store_in_ctx. If set to true (default is false), the plugin will store the validated JWT object in the request context.

This feature is useful especially for custom plugins. For example, my company is currently using a custom ACL plugin, based on Casbin (lua-casbin), that parses a JWT to extract permissions.

Therefore, I would say this feature is useful for at least two reasons:

  • since the JWT can be removed from the request attributes (via hide_credential = true configuration), this provides another way to pass the token, without exposing it;
  • this prevents custom plugins from duplicating code (retrieving and parsing the JWT object), which the jwt-auth plugin already does.

Fixes #11281

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)
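
An added example (not code from this PR or from APISIX) of the kind of downstream permission check the description has in mind: it reads the stored JWT from the request context and fails closed when it is absent, which is the default since store_in_ctx is false. The context key `jwt_auth_payload`, the `permissions` claim and the `authorize` helper are assumptions made for illustration, and the check is assumed to run after jwt-auth on the same request.

```lua
-- Added example: hypothetical downstream ACL check, not APISIX code.
-- ASSUMPTION: with store_in_ctx = true, jwt-auth leaves the validated
-- JWT's claims in ctx.jwt_auth_payload; confirm the key name against the
-- documentation of the version you run.
-- ASSUMPTION: permissions travel in a "permissions" array claim.
local CTX_KEY = "jwt_auth_payload"

-- Returns nil when the request may continue, or (status, message) to reject.
local function authorize(ctx, required)
    local payload = ctx[CTX_KEY]
    -- store_in_ctx defaults to false, so the key is absent unless the route
    -- enables it. Reject instead of falling back to re-parsing a header
    -- that hide_credential = true has already removed.
    if type(payload) ~= "table" then
        return 401, "no validated JWT in request context"
    end
    local perms = payload.permissions
    if type(perms) ~= "table" then
        return 403, "token carries no permissions claim"
    end
    for _, p in ipairs(perms) do
        if p == required then
            return nil
        end
    end
    return 403, "missing permission: " .. required
end

-- Constructed request contexts for a stand-alone run.
local with_jwt = {
    jwt_auth_payload = { key = "user-key", permissions = { "orders:read" } },
}
local without_jwt = {}  -- route left store_in_ctx at its default (false)

assert(authorize(with_jwt, "orders:read") == nil)
assert(authorize(with_jwt, "orders:write") == 403)
assert(authorize(without_jwt, "orders:read") == 401)
print("ok")
```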

Add new test case (jwt-auth4.t) to test the correct behaviour of `store_in_ctx` config parameter

Signed-off-by: Michele Righi <[email protected]>

Added the new config parameter in jwt-auth docs

Signed-off-by: Michele Righi <[email protected]>
@mikyll mikyll marked this pull request as ready for review October 23, 2024 14:51
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. doc Documentation things enhancement New feature or request labels Oct 23, 2024
@mikyll mikyll changed the title feat(jwt-auth): parameter to store JWT in the request context feat(jwt-auth): store JWT in the request context Nov 11, 2024
@juzhiyuan juzhiyuan requested a review from bzp2010 March 4, 2025 06:38
@juzhiyuan
Member

@mikyll Thank you! I will request reviewers.

bzp2010
bzp2010 previously approved these changes Mar 4, 2025
@bzp2010 bzp2010 self-requested a review March 4, 2025 07:43
Contributor

@bzp2010 bzp2010 left a comment

LGTM

One suggestion for the test, it would be nice if it could be done in a clearer order like “Setup 1 - Test 1 - Setup 2 - Test 2”.

@mikyll
Contributor Author

mikyll commented Mar 4, 2025

> LGTM
>
> One suggestion for the test, it would be nice if it could be done in a clearer order like “Setup 1 - Test 1 - Setup 2 - Test 2”.

@bzp2010 I moved the tests into a more proper order and fixed the docs a little 🙂

@bzp2010 bzp2010 requested review from kayx23 and juzhiyuan March 4, 2025 08:56
@juzhiyuan juzhiyuan merged commit 381595e into apache:master Mar 5, 2025
33 checks passed
@mikyll mikyll deleted the jwt-auth_ctx branch March 5, 2025 09:31
Labels
doc Documentation things enhancement New feature or request size:L This PR changes 100-499 lines, ignoring generated files.