moonming commented on a change in pull request #1224: support base64 secret for
jwt auth
URL: https://github.com/apache/incubator-apisix/pull/1224#discussion_r389376011
##########
File path: lua/apisix/plugins/jwt-auth.lua
##########
@@ -75,7 +82,11 @@ function _M.check_schema(conf)
end
if not conf.secret then
- conf.secret = core.id.gen_uuid_v4()
+ if base64_secret then
+ conf.secret = ngx_encode_base64(resty_random.bytes(32))
Review comment:
We should uniformly generate the random number algorithm, or only specified
by the user, change the `secret` to a required field
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
