JWT authentication issuer not configured error

[hinawatts]

Hi,
I am trying to enable JWT authentication in envoy.yaml. The token passed in request is generated by service hosted by our company. And in this token, we don't use 'iss' (issuer) claim. And when I use envoy with configuration for JWT, I get an error "Jwt issuer is not configured". Can I skip the issuer validation in JWT auth in envoy?

[hinawatts]

Please let me know if there is any suggestion here.

[qiwzhang]

Unfortunately, "iss" is a required field in Envoy jwt_authn filter.

[Jeskz0rd]

Is there any other options for this issue?

[qiwzhang]

We can add a new field in jwt_authn JwtProvider config to specify field name to extract issuer. Such as

// The field name in jwt payload to specify issuer.
// Normally "iss" is used. If other field name is used, use this field to specify it.
string issuer_field_name = 9;

[qiwzhang]

Hi @mattklein123 please assign this to me.

[qiwzhang]

It turn out "iss" is not needed in most cases. Change the code to: if "iss" is not in the jwt payload, not to verify it.

[ycfreeman]

seems the fix is not applied to the related .proto file?