You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/08/17 08:54:49 UTC

[GitHub] [apisix] ShynHan opened a new issue #2068: request help: 获取 jwt-auth token 的接口如何保证安全性呢

ShynHan opened a new issue #2068:
URL: https://github.com/apache/apisix/issues/2068


   ### Issue description
   ![image](https://user-images.githubusercontent.com/12025422/90376864-ae80e880-e0a9-11ea-82d4-f12d0872e438.png)
   
   这个获取 jwt-auth token 的接口只需要一个 key 参数，这个 key 参数又可以在 jwt-auth token 解码出来，
   那岂不是任何人都可以通过这个接口随意生成 jwt-auth token
   
   ### Environment
   
   * apisix version (cmd: `apisix version`):
   * OS:
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] membphis closed issue #2068: request help: 获取 jwt-auth token 的接口如何保证安全性呢

Posted by GitBox <gi...@apache.org>.

membphis closed issue #2068:
URL: https://github.com/apache/apisix/issues/2068


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] moonming commented on issue #2068: request help: 获取 jwt-auth token 的接口如何保证安全性呢

Posted by GitBox <gi...@apache.org>.

moonming commented on issue #2068:
URL: https://github.com/apache/apisix/issues/2068#issuecomment-675231401


   @ShynHan Please use English in the public channel, thx


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] ShynHan commented on issue #2068: request help: How to ensure the security of the interface for obtaining jwt-auth token?

Posted by GitBox <gi...@apache.org>.

ShynHan commented on issue #2068:
URL: https://github.com/apache/apisix/issues/2068#issuecomment-675801221


   @moonming Sorry, witch channel can be use Chinese?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] membphis commented on issue #2068: request help: 获取 jwt-auth token 的接口如何保证安全性呢

Posted by GitBox <gi...@apache.org>.

membphis commented on issue #2068:
URL: https://github.com/apache/apisix/issues/2068#issuecomment-675190839


   we should use HTTPS to protect this `key`.  it is a common way.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org