paoying opened a new issue #1223: Enhancement: jwt-auth should support base64 encoded secret
URL: https://github.com/apache/incubator-apisix/issues/1223

The secret in jwt-auth plugin is now only string typed, this is not secure enough:

- The string contains only printable characters which makes the secret's possible value size much smaller than byte array with the same size.
- It's easy to generate secure random byte array, but not so easy to generate a secure random string.

If we generate a secret without enough randomness, the secret is much weaker and not compatible with jwt standards (Although JWT standard didn't mention too much about how the key should be generated, the standards it referenced did state the secret should be random enough to protect the signature).

Ref:
JWT: https://tools.ietf.org/html/rfc7519
HMAC: https://tools.ietf.org/html/rfc2104
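An added example, not part of the issue and not APISIX code: it illustrates the request by generating HMAC key bytes from the OS CSPRNG, storing them base64-encoded, and signing and verifying an HS256 token with the decoded bytes. The `is_base64` option and the sample claim are hypothetical; `max_entropy_bits` gives the upper bound on key entropy for a given length and alphabet size.

```python
import base64, hashlib, hmac, json, math, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def new_base64_secret(nbytes: int = 32) -> str:
    """Random key bytes from the OS CSPRNG, base64-encoded for storage in config."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()

def key_bytes(secret: str, is_base64: bool) -> bytes:
    """Resolve the configured secret to HMAC key bytes (is_base64 is a hypothetical option)."""
    if is_base64:
        return base64.b64decode(secret, validate=True)  # raises ValueError on bad input
    return secret.encode()

def sign_hs256(claims: dict, key: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_hs256(token: str, key: bytes) -> bool:
    parts = token.split(".")
    if len(parts) != 3:
        return False
    header, payload, sig = parts
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected).encode(), sig.encode()):
        return False
    try:  # accept only the algorithm this verifier implements
        raw = base64.urlsafe_b64decode(header + "=" * (-len(header) % 4))
        return json.loads(raw).get("alg") == "HS256"
    except (ValueError, AttributeError):
        return False

def max_entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on entropy of a uniformly random key of this length."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    secret = new_base64_secret()                       # value that would go in config
    token = sign_hs256({"key": "user-key"}, key_bytes(secret, True))  # constructed claim
    print("verifies with decoded key:", verify_hs256(token, key_bytes(secret, True)))
    print("verifies if text used as-is:", verify_hs256(token, key_bytes(secret, False)))
    print("32 random bytes:     %.1f bits" % max_entropy_bits(32, 256))
    print("32 printable ASCII:  %.1f bits" % max_entropy_bits(32, 95))
```

Both sides must agree on whether the configured value is decoded first: the same text used as a raw string yields a different key, so tokens signed one way fail verification the other way.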
