Update dependency and docs: jwt_verify_lib (add HS256 support)#8385
Merged
lizan merged 4 commits intoenvoyproxy:masterfrom Sep 26, 2019
ryanchapman:update-jwt_verify_lib-add_hs256
Merged
Update dependency and docs: jwt_verify_lib (add HS256 support)#8385lizan merged 4 commits intoenvoyproxy:masterfrom ryanchapman:update-jwt_verify_lib-add_hs256
lizan merged 4 commits intoenvoyproxy:masterfrom
ryanchapman:update-jwt_verify_lib-add_hs256
Conversation
Signed-off-by: Ryan A. Chapman <ryan@rchapman.org>
Member
|
Can you update the doc at https://github.com/envoyproxy/envoy/blob/master/docs/root/configuration/http/http_filters/jwt_authn_filter.rst ? |
Contributor
Author
|
@lizan I did that as well in this PR. If you would like to see more than that, please let me know. |
Member
|
Ah sorry I missed that, thought you didn't change doc from PR description. |
lizan
reviewed
Sep 26, 2019
| JWKS is needed to verify JWT signatures. They can be specified in the filter config or can be fetched remotely from a JWKS server. | ||
|
|
||
| .. attention:: | ||
| Only ES256 and RS256 are supported for the JWT alg. |
Member
There was a problem hiding this comment.
nit: drop "Only", drop "," before "and".
Signed-off-by: Ryan A. Chapman <ryan@rchapman.org>
Contributor
Author
|
/AzurePipelines run |
|
Commenter does not have sufficient privileges for PR 8385 in repo envoyproxy/envoy |
Signed-off-by: Ryan A. Chapman <ryan@rchapman.org>
lizan
previously approved these changes
Sep 26, 2019
lizan
reviewed
Sep 26, 2019
bazel/repository_locations.bzl
Outdated
| urls = ["https://github.com/google/jwt_verify_lib/archive/0f14d43f20381cfae0469cb2309b2e220c0f0ea3.tar.gz"], | ||
| sha256 = "38a93926f362a330a2a4489ed799c260df0bc305417e2bb44d6745671d9641d7", | ||
| strip_prefix = "jwt_verify_lib-7e3191b0dcb72835aa63e308a53b541e7fda5458", | ||
| # 2019-09-23 |
Member
There was a problem hiding this comment.
trailing space will fail format check.
Contributor
Author
There was a problem hiding this comment.
Fixed that. Looks like checks are passing again :)
Signed-off-by: Ryan A. Chapman <ryan@rchapman.org>
lizan
approved these changes
Sep 26, 2019
danzh2010
pushed a commit
to danzh2010/envoy
that referenced
this pull request
Oct 4, 2019
…proxy#8385) Description: update jwt_verify_lib to support HS256 tokens, also update documentation to show that Envoy now supports HS256 as well as RS384 and RS512. Risk Level: low Testing: upstream unit tests Docs Changes: added Release Notes: none Signed-off-by: Ryan A. Chapman <ryan@rchapman.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Ryan A. Chapman ryan@rchapman.org
Description: update jwt_verify_lib to support HS256 tokens, also update documentation to show that Envoy now supports HS256 as well as RS384 and RS512 (see #8212)
Risk Level: low
Testing: upstream unit tests
Docs Changes: none
Release Notes: none (should there be some?)