feat(jwt-auth): store JWT in the request context #11675
Fixes apache#11281 Signed-off-by: Michele Righi <[email protected]>
Add new test case (jwt-auth4.t) to test the correct behaviour of `store_in_ctx` config parameter Signed-off-by: Michele Righi <[email protected]>
Added the new config parameter in jwt-auth docs Signed-off-by: Michele Righi <[email protected]>
@mikyll Thank you! I will request reviewers.
LGTM
One suggestion for the test, it would be nice if it could be done in a clearer order like “Setup 1 - Test 1 - Setup 2 - Test 2”.
@bzp2010 I moved the tests in a more proper order and fixed the docs a little 🙂
Description
The changes introduce a new parameter to jwt-auth plugin's route schema: `store_in_ctx`. If set to `true` (default is `false`) the plugin will store the validated JWT object in the request context.

This feature is useful especially for custom plugins. For example, my company is currently using a custom ACL plugin, based on Casbin (lua-casbin), that parses a JWT to extract permissions.
Therefore, I would say this feature is useful for at least two reasons:
- `hide_credential = true` configuration), this provides another way to pass the token, without exposing it;
- `jwt-auth` plugin already does.

Fixes #11281
Checklist