feat(authn): allow validation of jwt subject claim #2995

Merged: 3 commits, Apr 16, 2024

markphelps (Collaborator)

Re: #2985

  • Adds support for validating subject in JWT claims
  • Custom claim validation support will require more work, as the library we use to validate JWTs does not support custom claim validation, so we will need to do it ourselves

/cc @tstraley

@markphelps markphelps added the needs docs Requires documentation updates label Apr 15, 2024
@markphelps markphelps requested a review from erka April 15, 2024 13:40
@markphelps markphelps requested a review from a team as a code owner April 15, 2024 13:40
erka (Collaborator) commented Apr 15, 2024

@markphelps. I would like to have a bit more clarity about it. Usually jwt sub is the unique user. Do we want to restrict access only for one person? Or should we allow the list of subjects in configuration?

erka (Collaborator) left a comment

@markphelps It looks great. It would be nice to have two extra subtests in TestJWTAuthenticationInterceptor with testing sub

markphelps (Collaborator, Author)

> @markphelps. I would like to have a bit more clarity about it. Usually jwt sub is the unique user. Do we want to restrict access only for one person? Or should we allow the list of subjects in configuration?

I would think so as well, however the JWT library we use that performs the validation also only validates a single subject: https://github.com/hashicorp/cap/blob/1b8eac34c97dffae4f63761b6848c8a4e5590d54/jwt/jwt.go#L164-L166
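
The subject check discussed in this thread, generalized to a list of subjects and to custom claims, as an added Go example that is not code from this PR, the project or hashicorp/cap. The `Policy` type, its fields and the sample claim values are assumptions, and the claims map is assumed to come from a token the JWT library has already verified.

```go
package main

import "fmt"

// Policy is a hypothetical config shape, not the project's own.
type Policy struct {
	Subjects []string            // allowed "sub" values; empty = no restriction
	Custom   map[string][]string // custom claim name -> allowed values
}

// in reports whether v is a string present in allowed; a missing claim
// or any other JSON type (number, bool, object) never matches.
func in(allowed []string, v any) bool {
	s, ok := v.(string)
	for _, a := range allowed {
		if ok && a == s {
			return true
		}
	}
	return false
}

// Check runs on claims the JWT library has already verified (signature
// and standard claims); it is an extra gate, never a replacement.
func (p Policy) Check(claims map[string]any) error {
	if len(p.Subjects) > 0 && !in(p.Subjects, claims["sub"]) {
		return fmt.Errorf("sub %v not in allow-list", claims["sub"])
	}
	for name, allowed := range p.Custom {
		vals, isList := claims[name].([]any) // e.g. "groups": ["dev", "ops"]
		if !isList {
			vals = []any{claims[name]}
		}
		ok := false
		for _, v := range vals {
			ok = ok || in(allowed, v)
		}
		if !ok {
			return fmt.Errorf("claim %q has no allowed value", name)
		}
	}
	return nil
}

func main() {
	claims := map[string]any{"sub": "svc-deploy", "groups": []any{"dev", "ops"}} // constructed
	p := Policy{Subjects: []string{"svc-deploy", "svc-ci"}, Custom: map[string][]string{"groups": {"ops"}}}
	fmt.Println(p.Check(claims))
}
```

A `sub` that is absent, numeric or an array fails closed, which is the case a plain string comparison against a zero value can miss.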

Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com>
GeorgeMac (Contributor) left a comment

🕶️

@markphelps markphelps merged commit 81772a5 into main Apr 16, 2024
29 checks passed
@markphelps markphelps deleted the jwt-validate-sub branch April 16, 2024 12:58
@markphelps markphelps removed the needs docs Requires documentation updates label May 26, 2024