-
Notifications
You must be signed in to change notification settings - Fork 11.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auth: Add key_id config param to auth.jwt #72711
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks pretty good! Shouldn't we update default.ini
and sample.ini
?
Thanks, I updated defaults.ini, but forgot to update sample.ini, I'm gonna update it! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, and thanks for remembering to extend the docs!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the contribution!
* Specify keyID for public key provided in PEM format for JWT Auth * Update docs * Update sample.ini (cherry picked from commit bba11d0)
* Specify keyID for public key provided in PEM format for JWT Auth * Update docs * Update sample.ini
* Specify keyID for public key provided in PEM format for JWT Auth * Update docs * Update sample.ini
What is this feature?
This PR adds a new configuration option to
auth.jwt
to specify a predefined key id (key_id
) for the public key when the public key is configured as a PEM formatted file (using thekey_file
configuration option).Why do we need this feature?
It is possible (and supported by Grafana) to use a PEM formatted public key instead of the recommended JWKS url/file, and it can happen that the JWT token's header contains a
kid
for specifying the key id that should be used to verify the signature. Previously when thekid
was specified the verification failed, because the key with the specified key id was not found.Who is this feature for?
[Add information on what kind of user the feature is for.]
Which issue(s) does this PR fix?:
Fixes #71665
Special notes for your reviewer:
Please check that: