Posted to notifications@apisix.apache.org by we...@apache.org on 2020/10/04 23:31:53 UTC
[apisix] branch master updated: bugfix: remove unsupported
algorithm in jwt plugin. (#2356)
This is an automated email from the ASF dual-hosted git repository.
wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new a4e3526 bugfix: remove unsupported algorithm in jwt plugin. (#2356)
a4e3526 is described below
commit a4e35260494069c909d93b618bf101eaa3f486f7
Author: Wen Ming <mo...@gmail.com>
AuthorDate: Mon Oct 5 07:26:40 2020 +0800
bugfix: remove unsupported algorithm in jwt plugin. (#2356)
* bugfix: remove unsupported algorithm in jwt plugin.
support algorithm: https://github.com/SkyLothar/lua-resty-jwt/blob/master/lib/resty/jwt.lua#L505
* revert doc auto-format
Signed-off-by: yiyiyimu <wo...@gmail.com>
Co-authored-by: yiyiyimu <wo...@gmail.com>
---
apisix/plugins/jwt-auth.lua | 11 ++++-------
doc/plugins/jwt-auth.md | 2 +-
doc/zh-cn/plugins/jwt-auth.md | 2 +-
3 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/apisix/plugins/jwt-auth.lua b/apisix/plugins/jwt-auth.lua
index 0d33346..8209aa5 100644
--- a/apisix/plugins/jwt-auth.lua
+++ b/apisix/plugins/jwt-auth.lua
@@ -35,7 +35,8 @@ local schema = {
secret = {type = "string"},
algorithm = {
type = "string",
- enum = {"HS256", "HS384", "HS512", "RS256", "ES256"}
+ enum = {"HS256", "HS512", "RS256"},
+ default = "HS256"
},
exp = {type = "integer", minimum = 1},
base64_secret = {
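Review bot: `RS256` stays in the new `enum = {"HS256", "HS512", "RS256"},` line, but the only key material visible in this schema is `secret = {type = "string"}`, which is the shape of a shared HMAC secret. If the verify path (not shown in this diff) hands that same string to the JWT library, an RS256 consumer would either have to keep a private key in `secret` or could not be verified at all. Please confirm which of these happens. Unless the schema gains separate public and private key fields, I would narrow the line to `enum = {"HS256", "HS512"},`. It is also worth confirming that verification compares the token header's `alg` with the consumer's configured `algorithm`, instead of accepting whatever the token declares. The `schema` table starts before this hunk and continues after it.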
@@ -85,10 +86,6 @@ function _M.check_schema(conf)
conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
end
- if not conf.algorithm then
- conf.algorithm = "HS256"
- end
-
if not conf.exp then
conf.exp = 60 * 60 * 24
end
@@ -207,11 +204,11 @@ local function gen_token()
local jwt_token = jwt:sign(
auth_secret,
{
- header={
+ header = {
typ = "JWT",
alg = consumer.auth_conf.algorithm
},
- payload={
+ payload = {
key = key,
exp = ngx_time() + consumer.auth_conf.exp
}
diff --git a/doc/plugins/jwt-auth.md b/doc/plugins/jwt-auth.md
index 03b6c92..1f5aa1e 100644
--- a/doc/plugins/jwt-auth.md
+++ b/doc/plugins/jwt-auth.md
@@ -41,7 +41,7 @@ For more information on JWT, refer to [JWT](https://jwt.io/) for more informatio
| ------------- | ------- | ----------- | ------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
| key | string | required | | | different `consumer` have different value, it's unique. different `consumer` use the same `key`, and there will be a request matching exception. |
| secret | string | optional | | | encryption key. if you do not specify, the value is auto-generated in the background. |
-| algorithm | string | optional | "HS256" | ["HS256", "HS384", "HS512", "RS256", "ES256"] | encryption algorithm. |
+| algorithm | string | optional | "HS256" | ["HS256", "HS512", "RS256"] | encryption algorithm. |
| exp | integer | optional | 86400 | [1,...] | token's expire time, in seconds |
| base64_secret | boolean | optional | false | | whether secret is base64 encoded |
diff --git a/doc/zh-cn/plugins/jwt-auth.md b/doc/zh-cn/plugins/jwt-auth.md
index aa7126c..2d431e4 100644
--- a/doc/zh-cn/plugins/jwt-auth.md
+++ b/doc/zh-cn/plugins/jwt-auth.md
@@ -42,7 +42,7 @@
| ------------- | ------- | ------ | ------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
| key | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `key` ,将会出现请求匹配异常。 |
| secret | string | 可选 | | | 加密秘钥。如果您未指定,后台将会自动帮您生成。 |
-| algorithm | string | 可选 | "HS256" | ["HS256", "HS384", "HS512", "RS256", "ES256"] | 加密算法 |
+| algorithm | string | 可选 | "HS256" | ["HS256", "HS512", "RS256"] | 加密算法 |
| exp | integer | 可选 | 86400 | [1,...] | token 的超时时间 |
| base64_secret | boolean | 可选 | false | | 密钥是否为 base64 编码 |