Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/03/08 09:09:26 UTC

[GitHub] [apisix] guoqqqi commented on a change in pull request #6127: docs: update the jwt-auth zh version

guoqqqi commented on a change in pull request #6127:
URL: https://github.com/apache/apisix/pull/6127#discussion_r821460604



##########
File path: docs/zh/latest/plugins/jwt-auth.md
##########
@@ -98,6 +114,76 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
 }'
 ```
 
+### Vault 与 APISIX jwt-auth 插件集成的不同用例
+
+Apache APISIX `jwt-auth` 插件可以被配置为从 Vault 存储中获取简单的文本密钥以及 RS256 公私密钥对。
+
+**注意**:对于该集成支持的早期版本,该插件期望存储在 Vault 路径中的密钥名称为「`secret`,`public_key`,`private_key`」其中之一。在未来的版本中,我们将支持引用自定义命名键。
+
+要启用 Vault 的兼容性,只需要在 `jwt-auth` 插件内添加空的 Vault 对象。
+
+1. 用在 Vault 储存的 HS256 签名密钥来进行 jwt 签名和认证。
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+    "username": "jack",
+    "plugins": {
+        "jwt-auth": {
+            "key": "key-1",
+            "vault": {}
+        }
+    }
+}'
+```
+
+在这里,插件在 Consumer 配置中提到的 Consumer 用户 `jack` 的 Vault 路径(`<vault.prefix from conf.yaml>/consumer/jack/jwt-auth`)中查找密钥 `secret`,并使用它进行后续的签名和 JWT 验证。如果在该路径中没有找到密钥,该插件将记录一个错误,并且无法执行 JWT 验证。
+
+2. RS256 rsa 密钥对, 包括公钥和私钥都存粗在 Vault 中。
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+    "username": "kowalski",
+    "plugins": {
+        "jwt-auth": {
+            "key": "rsa-keypair",
+            "algorithm": "RS256",
+            "vault": {}
+        }
+    }
+}'
+```
+
+该插件在 Vault 键值对路径(`<vault.prefix from conf.yaml>/consumer/jim/jwt-auth`)中为插件 Vault 配置中提到的用户 `jim` 查找 `public_key` 和 `private_key`。如果没有找到,认证失败。
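
Review bot: The explanation under example 2 (the last added line) names the user `jim` and the path `<vault.prefix from conf.yaml>/consumer/jim/jwt-auth`, but the curl command just above it creates the consumer `kowalski`. Example 1 uses the consumer's own name in the path (`consumer/jack/jwt-auth` for `jack`), so this line should read `consumer/kowalski/jwt-auth` and `kowalski`; as written, a reader following the doc would store `public_key` and `private_key` under a path that does not match the consumer they just created. The same line says the user is mentioned in the plugin's Vault configuration, yet `"vault": {}` is empty; example 1's wording (the user named in the Consumer configuration) is the accurate one and should be reused here. In the item 2 heading, 存粗 is a typo for 存储, and "rsa" should be written "RSA".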

Review comment:
       cc @starsz have a look




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
