[
https://issues.apache.org/jira/browse/CASSSIDECAR-334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18020719#comment-18020719
]
Saranya Krishnakumar commented on CASSSIDECAR-334:
--------------------------------------------------
Thanks [~isaacreath] for the patch!. Reviewed the patch.
> Add support for stateless JWT authentication using public keys
> --------------------------------------------------------------
>
> Key: CASSSIDECAR-334
> URL: https://issues.apache.org/jira/browse/CASSSIDECAR-334
> Project: Sidecar for Apache Cassandra
> Issue Type: Improvement
> Components: Security
> Reporter: Isaac Reath
> Assignee: Isaac Reath
> Priority: Normal
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Currently, the ReloadingJwtAuthenticationHandler supports authenticating JWTs
> using any OpenID-compatible provider via the [Vert.x OAuth2 authentication
> provider|https://vertx.io/docs/vertx-auth-oauth2/java/].
> To broaden JWT support beyond OpenID-based providers, we propose extending
> the ReloadingJwtAuthenticationHandler to also support authentication using
> the [Vert.x JWT authentication
> provider|https://vertx.io/docs/vertx-auth-jwt/java/]. This would enable
> support for non-OIDC JWT providers that expose their signing keys via a
> public PEM-encoded endpoint.
> To achieve this, we will introduce a new configuration parameter,
> jwt_auth_type, which allows users to choose between:
> * oauth (default): for OpenID/OAuth2-based JWT authentication
> * stateless: for direct public key verification using the Vert.x JWT provider
> This enhancement enables flexible support for stateless JWT authentication in
> environments where OpenID Connect is not available or desired.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
