Auth: Add key_id config param to auth.jwt #72711

Merged
merged 3 commits into from
Aug 3, 2023

mgyongyosi (Contributor)

What is this feature?
This PR adds a new configuration option to auth.jwt to specify a predefined key ID (key_id) for the public key when the public key is configured as a PEM-formatted file (using the key_file configuration option).

Why do we need this feature?

It is possible (and supported by Grafana) to use a PEM-formatted public key instead of the recommended JWKS URL/file, and it can happen that the JWT token's header contains a kid for specifying the key ID that should be used to verify the signature. Previously, when the kid was specified, the verification failed because the key with the specified key ID was not found.

Which issue(s) does this PR fix?:

Fixes #71665

@mgyongyosi mgyongyosi added this to the 10.2.x milestone Aug 2, 2023
@mgyongyosi mgyongyosi requested review from torkelo, a team and chri2547 as code owners August 2, 2023 08:16
@mgyongyosi mgyongyosi requested review from papagian, suntala and yangkb09 and removed request for a team August 2, 2023 08:16
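
The lookup failure the PR description refers to, as an added Go example (not Grafana's code and not part of this PR): a key set indexed by kid, where the key from key_file sits under the configured key_id, or under an empty id when key_id is unset. `keySet`, `verify`, `sample` and the id `key-1` are hypothetical, the key pair and token are constructed, PEM parsing is left out, and Ed25519/EdDSA is used only to keep the example short.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// keySet models kid -> key: a key_file key sits under key_id, or "" if unset (not Grafana's code).
type keySet map[string]ed25519.PublicKey

// verify selects the key named by the header's kid, then checks the signature.
func verify(keys keySet, token string) error {
	var hdr struct{ Alg, Kid string }
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed token")
	}
	raw, _ := b64.DecodeString(parts[0])
	sig, _ := b64.DecodeString(parts[2])
	if json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "EdDSA" {
		return fmt.Errorf("unsupported header") // the algorithm is pinned, never taken on trust
	}
	if key, found := keys[hdr.Kid]; !found {
		return fmt.Errorf("no key with kid %q", hdr.Kid)
	} else if !ed25519.Verify(key, []byte(parts[0]+"."+parts[1]), sig) {
		return fmt.Errorf("bad signature")
	}
	return nil
}

// sample returns a constructed public key and a signed token whose header carries kid.
func sample(kid string) (ed25519.PublicKey, string) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	hdr := b64.EncodeToString([]byte(`{"alg":"EdDSA","kid":"` + kid + `"}`))
	body := hdr + "." + b64.EncodeToString([]byte(`{"sub":"demo"}`))
	return pub, body + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(body)))
}

func main() {
	pub, token := sample("key-1")
	fmt.Println("key_id unset:", verify(keySet{"": pub}, token))
	fmt.Println("key_id set:  ", verify(keySet{"key-1": pub}, token))
}
```

In this model a token whose kid differs from the configured id is rejected before any signature check, so the id in the configuration has to match what the issuer puts in the header.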
linoman (Contributor) left a comment

Looks pretty good! Shouldn't we update default.ini and sample.ini?

mgyongyosi (Contributor, Author)

> Looks pretty good! Shouldn't we update default.ini and sample.ini?

Thanks, I updated defaults.ini, but forgot to update sample.ini, I'm gonna update it!

IevaVasiljeva (Contributor) left a comment

LGTM, and thanks for remembering to extend the docs!

chri2547 (Collaborator) left a comment

Thank you for the contribution!

@mgyongyosi mgyongyosi merged commit bba11d0 into main Aug 3, 2023
11 checks passed
@mgyongyosi mgyongyosi deleted the mgyongyosi/set-keyid-for-pk-jwt-auth branch August 3, 2023 07:13
mgyongyosi added a commit that referenced this pull request Aug 3, 2023
* Specify keyID for public key provided in PEM format for JWT Auth

* Update docs

* Update sample.ini

(cherry picked from commit bba11d0)
aishyandapalli pushed a commit to aishyandapalli/grafana that referenced this pull request Aug 16, 2023
chauchausoup pushed a commit to chauchausoup/grafana that referenced this pull request Sep 15, 2023
@zerok zerok modified the milestones: 10.2.x, 10.2.0 Oct 23, 2023
mgyongyosi added a commit that referenced this pull request Feb 8, 2024
(cherry picked from commit bba11d0)
(cherry picked from commit 0bcf472)
Successfully merging this pull request may close these issues.

JWT Auth failing due to missing Key Id in keySet code structure when loading signing public key from PEM file