Support for User JWTs #408
Conversation
derekcollison
force-pushed
the
userjwt
branch
2 times, most recently
from
d1705ee
to
0b7832b
Compare
Signed-off-by: Derek Collison <derek@nats.io>
derekcollison
force-pushed
the
userjwt
branch
from
0b7832b
to
684c9f4
Compare
nats.go
Outdated
| @@ -1350,8 +1425,8 @@ func (nc *Conn) connectProto() (string, error) { | |||
| token = nc.Opts.TokenHandler() | |||
| } | |||
|
|
|||
| cinfo := connectInfo{o.Verbose, o.Pedantic, nkey, sig, | |||
| user, pass, token, o.Secure, o.Name, LangString, | |||
| cinfo := connectInfo{o.Verbose, o.Pedantic, string(ujwt), | |||
There was a problem hiding this comment.
ujwt seem to be a string already, so no need to cast.
There was a problem hiding this comment.
Yes, had it as []byte at one point.
| } else { | ||
| ujwt = jwt | ||
| } | ||
| if nkey != _EMPTY_ { |
There was a problem hiding this comment.
I see that we already reject mix of NKey and UserJWT at beginning of Connect(). So why test here? Even if we want to allow options to be modified after the first Connect() (which we should not encourage), then this test should be probably done before calling o.UserJWT(), no? or at least check that returned ujwt is not empty. Meaning that if o.UserJWT() returns non empty, then we should fail if nkey is non empty too, but can be set as long as o.UserJWT() returned empty.
There was a problem hiding this comment.
I think to capture nats.Connect() and opts.Connect() scenarios.
Signed-off-by: Derek Collison <derek@nats.io>
This adds support for a user JWT. This adds to bare nkey support.
We support this as a callback to support JWT upgrades while an application is running.
We support decorated formats as provided by nsc, and we support chained files that have the user JWT and the user seed in the same file.
Signed-off-by: Derek Collison derek@nats.io