paoying commented on a change in pull request #1224: support base64 secret for
jwt auth
URL: https://github.com/apache/incubator-apisix/pull/1224#discussion_r401617844
##########
File path: lua/apisix/plugins/jwt-auth.lua
##########
@@ -75,7 +82,7 @@ function _M.check_schema(conf)
end
if not conf.secret then
- conf.secret = core.id.gen_uuid_v4()
+ conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
Review comment:
> need more test cases, for example:
>
> * no `secret` and no `base64_secret`
> * has 'secret' and no `base64_secret`
> etc.
don't get this, base64_secret is a boolean flag, it's not another secret.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
