You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/03/17 01:40:35 UTC

[GitHub] [apisix-dashboard] bzp2010 opened a new issue #2384: request help: ensure explicitly sets the secret field when using jwt-auth on consumer

bzp2010 opened a new issue #2384:
URL: https://github.com/apache/apisix-dashboard/issues/2384


   # Feature request
   
   ## Please describe your feature
   
   **The current jwt-auth plugin configuration in APISIX has special logic. If a user uses `HS` mode but does not set a secret, APISIX will generate one and write it to etcd, but the dashboard does not have the corresponding logic.**
   
   ## Describe the solution you'd like
   
   Before we switch to using the Admin API directly, we need some means to circumvent this problem, and I think we can add a form UI to it that helps users avoid this problem by forcing input requirements and automatically generating random characters.
   
   ## Describe alternatives you've considered
   
   The above solution is a front-end solution, we can also extend the logic in the back-end to merge a copy of the patched jsonschema into the actual version to ensure we can enforce the secret presence check. (We have difficulty directly modifying the jsonschema data exported through the APISIX Control API)
   
   ## Additional context
   
   https://github.com/apache/apisix/issues/6564
   https://github.com/apache/apisix-dashboard/issues/2383
   https://github.com/apache/apisix-dashboard/issues/2176#issuecomment-944127485


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] kingmouse-yx commented on issue #2384: request help: ensure explicitly sets the secret field when using jwt-auth on consumer

Posted by GitBox <gi...@apache.org>.

kingmouse-yx commented on issue #2384:
URL: https://github.com/apache/apisix-dashboard/issues/2384#issuecomment-1069856308


   I want to solve this issue
   I want to check the values of the secret and algorithm fields when processing data at the back end. 
   If the secret field is empty, 32-bit characters will be randomly generated, and then base64 will be encrypted. 
   If the algorithm field is empty, the default value HS256 will be given.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org