feat(plugin-jwt) rs512 #2666
feat(plugin-jwt) rs512 #2666
Conversation
kong/plugins/jwt/daos.lua
Outdated
| @@ -12,7 +12,7 @@ local SCHEMA = { | |||
| key = {type = "string", unique = true, default = utils.random_string}, | |||
| secret = {type = "string", unique = true, default = utils.random_string}, | |||
| rsa_public_key = {type = "string"}, | |||
| algorithm = {type = "string", enum = {"HS256", "RS256", "ES256"}, default = 'HS256'} | |||
| algorithm = {type = "string", enum = {"HS256", "RS256", "ES256","RS512"}, default = 'HS256'} | |||
There was a problem hiding this comment.
Could we move RS512 next to RS256? Thanks!
| assert(jwt_parser:new(token)) | ||
| end) | ||
|
|
||
|
|
There was a problem hiding this comment.
It seems like this file got many undesired blank lines. Could we remove them?
| end) | ||
|
|
| assert.True(jwt:verify_signature(fixtures.rs512_public_key)) | ||
| assert.False(jwt:verify_signature(fixtures.rs512_public_key:gsub('AE=', 'zzz'))) | ||
| end) | ||
|
|
| @@ -232,13 +238,13 @@ describe("Plugin: jwt (access)", function() | |||
| it("verifies JWT", function() | |||
| PAYLOAD.iss = rsa_jwt_secret_1.key | |||
| local jwt = jwt_encoder.encode(PAYLOAD, fixtures.rs256_private_key, 'RS256') | |||
| local authorization = "Bearer "..jwt | |||
| local authorization = "Bearer " .. jwt | |||
There was a problem hiding this comment.
It doesn't seem like this change is related to the scope of this PR?
There was a problem hiding this comment.
(style updates of legacy - unrelated - code should not be part of such a feature PR, is what I mean)
| local res = assert(proxy_client:send { | ||
| method = "GET", | ||
| path = "/request", | ||
| headers = { | ||
| ["Authorization"] = authorization, | ||
| ["Host"] = "jwt.com" | ||
| ["Host"] = "jwt.com", |
| it("verifies JWT", function() | ||
| PAYLOAD.iss = rsa_jwt_secret_3.key | ||
| local jwt = jwt_encoder.encode(PAYLOAD, fixtures.rs512_private_key, 'RS512') | ||
| local authorization = "Bearer "..jwt |
There was a problem hiding this comment.
However, this line is missing spaces around the concatenation operator ;)
spec/03-plugins/17-jwt/fixtures.lua
Outdated
| @@ -39,6 +39,46 @@ FLiGOm5uTMEk8S4txs2efueg1XyymilCKzzuXlJvrvPA4u6HI7qNvuvkvUjQmwBH | |||
| gwIDAQAB | |||
| -----END PUBLIC KEY----- | |||
| ]], | |||
| rs512_private_key = [[ | |||
There was a problem hiding this comment.
The spaces at the beginning of this line are undesired; other keys are not indented like so.
thibaultcha
added
the
pr/changes requested
kong/plugins/jwt/daos.lua
Outdated
| @@ -21,6 +21,12 @@ local SCHEMA = { | |||
| if plugin_t.algorithm == "RS256" and crypto.pkey.from_pem(plugin_t.rsa_public_key) == nil then | |||
| return false, Errors.schema "'rsa_public_key' format is invalid" | |||
| end | |||
| if plugin_t.algorithm == "RS512" and plugin_t.rsa_public_key == nil then | |||
| return false, Errors.schema "no mandatory 'rsa_public_key'" | |||
There was a problem hiding this comment.
looks like we're indenting too far here? indents should be two spaces.
There was a problem hiding this comment.
Good catch! @sarraz1 Any updates here? Those style issues are all that's left for us to merge it, if you address them we won't hesitate to push the button :)
There was a problem hiding this comment.
Hello, the requested changes were committed. Regards ;-)
* add a new value to the enum for `config.algorithm`: `RS512` * add support for RS512 signing and verification in the `jwt_parser.lua` module * appropriate unit and integration tests * add a new RS512 key pair to the tests fixtures From #2666 Implements #2473 Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
|
Manually merged to master with a few changes in the tests, code style and commit message. Thank you! |
Add support of RS512 algorithm for signing tokens in jwt plugin.
This add-on is based on the already-used module "crypto".
This pull request contains all the updates submitted by he review of the PR #2642 (from next branch). And this previous one have to be cancelled.