JWT Skip claim validation #1626

Closed
aclowkey opened this issue Aug 23, 2020 · 4 comments
Labels
question stale Marked as stale for auto-closing

Comments


aclowkey commented Aug 23, 2020

I was wondering if it's possible to skip claim validations in the JWT middleware.
I.e., somebody sends a token with "alg":"HS256", but I don't want to check the signature.

@lammel lammel added the question label Sep 4, 2020
Contributor

lammel commented Sep 4, 2020

No, currently it is not possible to skip signature checking.
This would only make sense for testing, as the signature is part of the JWT mechanism to ensure a valid token.


stale bot commented Nov 7, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Nov 7, 2020
@agravelot

On some infrastructure, it's the gateway/mesh that does this verification (like Istio); the microservice itself is dumb about authentication.

Contributor

lammel commented Mar 9, 2021

This is probably resolved by PR #1756, which allows using a custom KeyFunc to handle key retrieval and signature validation.
Please let us know if this works for you @aclowkey

@lammel lammel added stale Marked as stale for auto-closing and removed wontfix labels Mar 9, 2021
@lammel lammel closed this as completed Dec 2, 2022
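
The trade-off discussed in this thread, as an added example that is not part of the issue or of Echo's code: a standard-library-only Go comparison of reading JWT claims without a signature check (acceptable only when a gateway or mesh has already verified the token) against verifying HS256 locally. The function names `sigFor`, `unverifiedClaims` and `verifyHS256`, the keys and the tokens are all constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
// sigFor returns the base64url HMAC-SHA256 signature for a JWS signing input.
func sigFor(input string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(input))
	return b64.EncodeToString(m.Sum(nil))
}

// unverifiedClaims decodes the payload only; any client can mint a token that passes it.
func unverifiedClaims(token string) (claims map[string]any, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	raw, err := b64.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &claims)
	}
	return claims, err
}

// verifyHS256 pins alg and compares the MAC in constant time before trusting any claim.
func verifyHS256(token string, key []byte) (map[string]any, error) {
	parts := strings.Split(token, ".")
	var hdr struct{ Alg string }
	raw, err := b64.DecodeString(parts[0])
	if len(parts) != 3 || err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" ||
		!hmac.Equal([]byte(parts[2]), []byte(sigFor(parts[0]+"."+parts[1], key))) {
		return nil, fmt.Errorf("token rejected: malformed, unexpected alg, or bad signature")
	}
	return unverifiedClaims(token)
}

func main() {
	h, p := b64.EncodeToString([]byte(`{"alg":"HS256"}`)), b64.EncodeToString([]byte(`{"sub":"admin"}`))
	forged := h + "." + p + "." + sigFor(h+"."+p, []byte("wrong-key")) // constructed sample token
	fmt.Println(unverifiedClaims(forged))
	fmt.Println(verifyHS256(forged, []byte("constructed-demo-key")))
}
```

A service that relies on `unverifiedClaims` is only as safe as the network path that guarantees every request has passed through the verifying gateway.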