Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Jwt-auth plugin no longer requires a private_key to be uploaded. #11597

Merged
merged 31 commits into from
Sep 27, 2024

Conversation

dspo
Copy link
Contributor

@dspo dspo commented Sep 23, 2024

Description

For security reasons, the API gateway should not accept uploads of users' private keys for issuing jwt tokens, and should no longer provide an API for issuing jwt tokens.
This PR removes the /apisix/plugin/jwt/sign API.

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

@dspo dspo changed the title (WIP) feat: remove /jwt/sign chore: remove /jwt/sign Sep 23, 2024
@dspo dspo changed the title chore: remove /jwt/sign refactor: remove /jwt/sign Sep 24, 2024
@dspo dspo changed the title refactor: remove /jwt/sign refactor: remove API /apisix/plugin/jwt/sign Sep 24, 2024
@dspo dspo marked this pull request as ready for review September 24, 2024 04:12
@dosubot dosubot bot added size:XXL This PR changes 1000+ lines, ignoring generated files. doc Documentation things plugin labels Sep 24, 2024
@dspo dspo marked this pull request as draft September 24, 2024 06:00
@dspo dspo changed the title refactor: remove API /apisix/plugin/jwt/sign feat: remove API /apisix/plugin/jwt/sign Sep 25, 2024
@dspo dspo marked this pull request as ready for review September 25, 2024 01:13
@dosubot dosubot bot added the enhancement New feature or request label Sep 25, 2024
@dspo dspo changed the title feat: remove API /apisix/plugin/jwt/sign feat: Jwt-auth plugin no longer requires a private_key to be uploaded. Sep 25, 2024
nic-6443
nic-6443 previously approved these changes Sep 25, 2024
Co-authored-by: Nic <qianyong@api7.ai>
apisix/plugins/jwt-auth.lua Outdated Show resolved Hide resolved
apisix/plugins/jwt-auth.lua Outdated Show resolved Hide resolved
apisix/plugins/jwt-auth.lua Outdated Show resolved Hide resolved
@dspo dspo requested review from moonming and membphis September 25, 2024 09:13
@dspo dspo requested a review from moonming September 26, 2024 01:41
apisix/plugins/jwt-auth.lua Show resolved Hide resolved
t/fips/jwt-auth.t Outdated Show resolved Hide resolved
t/fips/jwt-auth.t Outdated Show resolved Hide resolved
t/fips/jwt-auth.t Outdated Show resolved Hide resolved
t/fips/jwt-auth.t Outdated Show resolved Hide resolved
t/perf/test_http.py Outdated Show resolved Hide resolved
t/plugin/jwt-auth.t Outdated Show resolved Hide resolved
@dspo dspo requested a review from moonming September 27, 2024 02:55
@dspo
Copy link
Contributor Author

dspo commented Sep 27, 2024

@moonming @membphis please review again

Copy link
Member

@membphis membphis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, LGTM

@nic-6443 nic-6443 merged commit 1773655 into apache:master Sep 27, 2024
33 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
doc Documentation things enhancement New feature or request plugin size:XXL This PR changes 1000+ lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants