This is an automated email from the ASF dual-hosted git repository.
wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new a4e3526 bugfix: remove unsupported algorithm in jwt plugin. (#2356)
a4e3526 is described below
commit a4e35260494069c909d93b618bf101eaa3f486f7
Author: Wen Ming <[email protected]>
AuthorDate: Mon Oct 5 07:26:40 2020 +0800
bugfix: remove unsupported algorithm in jwt plugin. (#2356)
* bugfix: remove unsupported algorithm in jwt plugin.
supported algorithms:
https://github.com/SkyLothar/lua-resty-jwt/blob/master/lib/resty/jwt.lua#L505
* revert doc auto-format
Signed-off-by: yiyiyimu <[email protected]>
Co-authored-by: yiyiyimu <[email protected]>
---
apisix/plugins/jwt-auth.lua | 11 ++++-------
doc/plugins/jwt-auth.md | 2 +-
doc/zh-cn/plugins/jwt-auth.md | 2 +-
3 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/apisix/plugins/jwt-auth.lua b/apisix/plugins/jwt-auth.lua
index 0d33346..8209aa5 100644
--- a/apisix/plugins/jwt-auth.lua
+++ b/apisix/plugins/jwt-auth.lua
@@ -35,7 +35,8 @@ local schema = {
secret = {type = "string"},
algorithm = {
type = "string",
- enum = {"HS256", "HS384", "HS512", "RS256", "ES256"}
+ enum = {"HS256", "HS512", "RS256"},
+ default = "HS256"
},
exp = {type = "integer", minimum = 1},
base64_secret = {
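Review bot: Narrowing the `enum` on `algorithm` means a consumer already stored with "HS384" or "ES256" no longer matches the schema, and nothing in the commit says what happens to such entries on upgrade. Whether stored consumers are re-validated on load is not visible here, so that path is worth confirming and mentioning in the changelog. The list also duplicates what the JWT library accepts, so a comment above the field would help keep the two aligned, e.g. `-- keep in sync with the algorithms lua-resty-jwt can both sign and verify`. The `schema` table starts and ends outside this hunk.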
@@ -85,10 +86,6 @@ function _M.check_schema(conf)
conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
end
- if not conf.algorithm then
- conf.algorithm = "HS256"
- end
-
if not conf.exp then
conf.exp = 60 * 60 * 24
end
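Review bot: "RS256" remains an accepted algorithm, but the fallback on the first line of this hunk fills `conf.secret` with 32 random bytes, base64-encoded, which is not RSA key material. An RS256 consumer created without an explicit secret would therefore presumably end up with a key that cannot sign or verify tokens, and the failure would only surface at request time. Consider limiting the auto-generated secret to the HMAC algorithms and failing validation otherwise, with a guard such as `if conf.algorithm == "RS256" and not conf.secret then` returning an error in whatever convention `check_schema` uses. Removing the manual "HS256" fallback also assumes the schema validator writes `default` values back into `conf`; that call, and the condition guarding the secret generation, are outside the hunk.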
@@ -207,11 +204,11 @@ local function gen_token()
local jwt_token = jwt:sign(
auth_secret,
{
- header={
+ header = {
typ = "JWT",
alg = consumer.auth_conf.algorithm
},
- payload={
+ payload = {
key = key,
exp = ngx_time() + consumer.auth_conf.exp
}
diff --git a/doc/plugins/jwt-auth.md b/doc/plugins/jwt-auth.md
index 03b6c92..1f5aa1e 100644
--- a/doc/plugins/jwt-auth.md
+++ b/doc/plugins/jwt-auth.md
@@ -41,7 +41,7 @@ For more information on JWT, refer to [JWT](https://jwt.io/)
for more informatio
| ------------- | ------- | ----------- | ------- |
--------------------------------------------- |
------------------------------------------------------------------------------------------------------------------------------------------------
|
| key | string | required | |
| different `consumer` have different value, it's unique.
different `consumer` use the same `key`, and there will be a request matching
exception. |
| secret | string | optional | |
| encryption key. if you do not specify, the value is
auto-generated in the background.
|
-| algorithm | string | optional | "HS256" | ["HS256", "HS384",
"HS512", "RS256", "ES256"] | encryption algorithm.
|
+| algorithm | string | optional | "HS256" | ["HS256", "HS512",
"RS256"] | encryption algorithm.
|
| exp | integer | optional | 86400 | [1,...]
| token's expire time, in seconds
|
| base64_secret | boolean | optional | false |
| whether secret is base64 encoded
|
diff --git a/doc/zh-cn/plugins/jwt-auth.md b/doc/zh-cn/plugins/jwt-auth.md
index aa7126c..2d431e4 100644
--- a/doc/zh-cn/plugins/jwt-auth.md
+++ b/doc/zh-cn/plugins/jwt-auth.md
@@ -42,7 +42,7 @@
| ------------- | ------- | ------ | ------- |
--------------------------------------------- |
-------------------------------------------------------------------------------------------------------------
|
| key | string | 必须 | |
| 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `key`
,将会出现请求匹配异常。 |
| secret | string | 可选 | |
| 加密秘钥。如果您未指定,后台将会自动帮您生成。
|
-| algorithm | string | 可选 | "HS256" | ["HS256", "HS384", "HS512",
"RS256", "ES256"] | 加密算法
|
+| algorithm | string | 可选 | "HS256" | ["HS256", "HS512", "RS256"] |
加密算法
|
| exp | integer | 可选 | 86400 | [1,...]
| token 的超时时间
|
| base64_secret | boolean | 可选 | false |
| 密钥是否为 base64 编码
|