Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(jwt-plugin): Add support for EdDSA #12726

Merged
merged 1 commit into from
Mar 13, 2024
Merged

feat(jwt-plugin): Add support for EdDSA #12726

merged 1 commit into from
Mar 13, 2024

Conversation

27ascii
Copy link
Contributor

@27ascii 27ascii commented Mar 12, 2024

Summary

This change adds support for the EdDSA JWT verification

Checklist

  • The Pull Request has tests
  • A changelog file has been created under changelog/unreleased/kong or skip-changelog label added on PR if changelog is unnecessary. README.md
  • There is a user-facing docs PR against https://github.com/Kong/docs.konghq.com - PUT DOCS PR HERE

Issue reference

Martin Kölbel martin.koelbel@mercedes-benz.com on behalf of Mercedes-Benz Tech Innovation GmbH, Provider Information

@27ascii 27ascii marked this pull request as ready for review March 12, 2024 14:16
27ascii
27ascii commented Mar 12, 2024
View reviewed changes
kong/plugins/jwt/daos.lua
@@ -55,6 +56,7 @@ return {
"^PS256$",
"^PS384$",
"^PS512$",
"^EdDSA$",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not directly related to the EdDSA support, however I wonder why the pkey checks are not applied for ES256, ES384 and ES512.

Wouldn't it make sense to apply this check for all algorithms and exclude the symmetric ones?

if_match = {
  not_match =  "^HS", 
},

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

right, this list has grown over time and indeed it would make sense to apply pkey checks to all asymmetrical keys. I'll add this to my pile. Thanks for brining that up @27ascii

@team-eng-enablement team-eng-enablement added the author/community PRs from the open-source community (not Kong Inc) label Mar 12, 2024
hanshuebner
hanshuebner approved these changes Mar 12, 2024
View reviewed changes
Copy link
Contributor

@hanshuebner hanshuebner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the contribution! The change looks good to me, but I'd like another approval from @jschmid1

@hanshuebner hanshuebner requested a review from jschmid1 March 12, 2024 14:45
@jschmid1 jschmid1 added the cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee label Mar 13, 2024
@jschmid1 jschmid1 merged commit f89cbb7 into Kong:master Mar 13, 2024
42 checks passed
@jschmid1
Copy link
Contributor

Thank you for your contribution @27ascii

@team-gateway-bot
Copy link
Collaborator

Successfully created cherry-pick PR for master:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jschmid1 jschmid1 jschmid1 approved these changes

@hanshuebner hanshuebner hanshuebner approved these changes

Assignees
No one assigned
Labels
author/community PRs from the open-source community (not Kong Inc) cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee plugins/jwt schema-change-noteworthy size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@27ascii @jschmid1 @team-gateway-bot @hanshuebner @team-eng-enablement