ccl/jwtauthccl: allow inferring of key algorithm

[kpatron-cockroachlabs]

Previously, if a user failed to provide the algorithm claim
within the JWKS, CRDB would not accept any JWTs that used
that key. This change makes CRDB accept algorithms from
specified by a JWT so long as they are compatible with the
key type (for example RSA and RSA256). This case only
applies when the JWKS does not explicitly specify an
algorithm.

This came up because Azure's listed JWKS does not specify
algorithms.

Fixes CC-8211.

Release note (bug fix): During JWT based auth, infer the
algorithm type if it is not specified by the JWKS. This
enbables support for a wider range of JWKSes.

Release justification: low danger, usability fix.

[cockroach-teamcity]

This change is 

[knz]

Reviewed 2 of 2 files at r1, all commit messages.
Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @kpatron-cockroachlabs and @rafiss)

---

-- commits line 6 at r1:
nit: -from

---

-- commits line 15 at r1:
nit: "Addresses CC-8211." (period)

---

pkg/ccl/jwtauthccl/authentication_jwt_test.go line 186 at r1 (raw file):

	_, key, _ := createJWKS(t)
	token := createJWT(t, username1, audience1, issuer1, timeutil.Now().Add(time.Hour), key, jwa.RS256)
	// Clear the algorithm

nit: period missing at end of sentence.

---

pkg/ccl/jwtauthccl/authentication_jwt_test.go line 199 at r1 (raw file):

	JWTAuthJWKS.Override(ctx, &s.ClusterSettings().SV, jwkPublicKey)

	// Now the validate call gets past the token validity check and fails on the next check (subject matching user)

ditto

[kpatron-cockroachlabs]

Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @knz and @rafiss)

---

pkg/ccl/jwtauthccl/authentication_jwt_test.go line 199 at r1 (raw file):

Previously, knz (Raphael 'kena' Poss) wrote…

ditto

Done.

[kpatron-cockroachlabs]

bors r+

[kpatron-cockroachlabs]

bors r+

[craig]

Build succeeded:

• Bazel Essential CI (Cockroach)