[GitHub] [pulsar] addisonj opened a new pull request #4528: [pulsar-broker] Add support for other algorithms in token auth

Thu, 13 Jun 2019 15:11:13 -0700 

addisonj opened a new pull request #4528: [pulsar-broker] Add support for other 
algorithms in token auth
URL: https://github.com/apache/pulsar/pull/4528
 
 
   
   
   
   ### Motivation
   
   Before this patch, all keys are read as RSA, which meant that only RSA
   compatible JWT signing algorithms could be used, specifically, this
   limited the use of ECDSA family of JWT keys.
   
   ### Modifications
   
   This changes this by changing the signature we use to parse keys to also
   take a SignatureAlgorithm and also adds a new config option
   `tokenPublicAlg` which can be used to signify what algorithm the
   broker/proxy should use when reading public keys. However, these all
   default to RS256, which, should indicate to decode as RSA (even if
   another RS/PS algoritm is used).
   
   This also adds some new options to the Token CLI tool for those commands
   that weren't respecting the algorithm, but these are defaulted to RS256
   as well.
   
   ### Verifying this change
   
   - [ ] Make sure that the change passes the CI checks.
   
   This should also have some of the CLI options validated. 
   
   ### Does this pull request potentially affect one of the following parts:
   
   *If `yes` was chosen, please highlight the changes*
   
     - Dependencies (does it add or upgrade a dependency): (no)
     - The public API: (no)
     - The schema: (no)
     - The default values of configurations: (no)
     - The wire protocol: (no)
     - The rest endpoints: (no)
     - The admin cli options:  no)
     - Anything that affects deployment: no
   
   ### Documentation
   
     - Does this pull request introduce a new feature? (yes
     - If yes, how is the feature documented? docs
     - If a feature is not applicable for documentation, explain why?
     - If a feature is not documented yet in this PR, please create a followup 
issue for adding the documentation
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to