[jira] [Work logged] (KNOX-2703) Make acceptable JWT types configurable

Tue, 18 Jan 2022 06:08:05 -0800 


     [ 
https://issues.apache.org/jira/browse/KNOX-2703?focusedWorklogId=710526&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-710526
 ]

ASF GitHub Bot logged work on KNOX-2703:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Jan/22 14:07
            Start Date: 18/Jan/22 14:07
    Worklog Time Spent: 10m 
      Work Description: smolnar82 opened a new pull request #532:
URL: https://github.com/apache/knox/pull/532


   ## What changes were proposed in this pull request?
   
   Knox supports two new topology-level properties from now on:
   - `knox.token.type` - this can be set as a `KNOXTOKEN` service parameter. If 
this is configured the generated JWT header will have this as the `typ` property
   - `knox.token.allowed.jws.types` - this can be set as a `JWTProvider` 
provider parameter. Defaults to `JWT`. Please note, this configuration is only 
applied if token verification goes through the JWKS verification path as 
described in #216 .
   
   ## How was this patch tested?
   
   Unit tested as well as executed manual test runs w/ different combinations 
of these new params.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

            Worklog Id:     (was: 710526)
    Remaining Estimate: 0h
            Time Spent: 10m

> Make acceptable JWT types configurable
> --------------------------------------
>
>                 Key: KNOX-2703
>                 URL: https://issues.apache.org/jira/browse/KNOX-2703
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>    Affects Versions: 1.6.0, 1.6.1, 1.6.2
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>             Fix For: 2.0.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> With KNOX-2149, one can define their own JKW URL which Knox can use for 
> verification.
> However, the current implementation only supports JWTs with {{"typ: JWT"}} in 
> their headers. In previous JOSE versions, there were other supported types 
> such as {{{}at+jwt{}}}.
> It'd be beneficial to have the list of allowed JWT types defined on the 
> topology level. If not defined, Knox should use the current default 
> ({{{}JWT{}}}).



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to