Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use jwt block for signing #309

Merged
merged 13 commits into from
Sep 10, 2021
Merged

Use jwt block for signing #309

merged 13 commits into from
Sep 10, 2021

Conversation

johakoch
Copy link
Collaborator

@johakoch johakoch commented Sep 2, 2021

In order to simplify local JWT handling (create/sign and check), it should be possible to also reference jwt blocks from the jwt_sign() function.

To do this, we need

  • signing_ttl and
  • for RSA keys signing_key/signing_key_file.

So, for JWT signed with an HS256 key

jwt_signing_profile "local_jwt" {
  signature_algorithm = "HS256"
  key = env.LOCAL_JWT_KEY
  ttl = "1h"
}
jwt "local_jwt" {
  signature_algorithm = "HS256"
  key = env.LOCAL_JWT_KEY
  cookie = "local_token"
}

could be simplified to

jwt "local_jwt" {
  signature_algorithm = "HS256"
  key = env.LOCAL_JWT_KEY
  cookie = "local_token"
  signing_ttl = "1h"
}

alex-schneider
alex-schneider reviewed Sep 9, 2021
View reviewed changes
docs/REFERENCE.md Outdated
| :-------- | :--------------- | :--------------- | :--------------- | :--------------- | :--------------- |
| `signing_key` |string|-|Private key (in PEM format) for `RS*` variants.|-|-|
| `signing_key_file` |string|-|Optional file reference instead of `signing_key` usage.|-|-|
| `signing_ttl` |string|-|The token's time-to-live (creates the `exp` claim).|-|-|
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Type duration, see line 294

alex-schneider
alex-schneider reviewed Sep 9, 2021
View reviewed changes
eval/lib/jwt.go Outdated Show resolved Hide resolved
@alex-schneider alex-schneider merged commit 12ddf6c into master Sep 10, 2021
@alex-schneider alex-schneider deleted the use-jwt-block-for-signing branch September 10, 2021 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@malud malud malud left review comments

@alex-schneider alex-schneider alex-schneider approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@johakoch @malud @alex-schneider