knownasmobin opened a new pull request, #11511: URL: https://github.com/apache/apisix/pull/11511
### Description This PR introduces a new feature and several enhancements to the `jwt-auth` plugin in Apache APISIX. The key change is the addition of a configurable `key_claim_name` parameter, which allows users to specify the JWT claim used for identifying the user. This provides greater flexibility and enables integration with a wider variety of JWT issuers and token structures. **Key Changes:** 1. **Configurable JWT Claim Name (`key_claim_name`)**: Users can now specify which claim in the JWT payload should be used to identify the user (e.g., `iss` for the issuer claim). 2. **Support for Asymmetric Algorithms (`RS256`, `ES256`)**: The plugin now supports JWTs signed with asymmetric algorithms, with new configuration fields for `public_key` and `private_key`. 3. **Schema Enhancements**: Descriptions have been added to several schema properties, improving clarity. The schema has also been restructured for better readability and maintainability. 4. **Backwards Compatibility**: The default behavior remains unchanged, ensuring that existing configurations continue to work without modification. This change addresses the following: - Increases flexibility in JWT validation, allowing integration with a broader range of JWT issuers and formats. - Aligns APISIX's JWT validation with existing authentication systems without requiring token modifications. - Enhances security by providing precise control over which claim is used for user identification. **Fixes**: [Issue #11276](https://github.com/apache/apisix/issues/11276) ### Checklist - [x] I have explained the need for this PR and the problem it solves. - [x] I have explained the changes or the new features added to this PR. - [x] I have added tests corresponding to this change, including tests for both symmetric and asymmetric JWT validation. - [x] I have updated the documentation to reflect this change. - [x] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first). <!-- Note 1. Mark the PR as draft until it's ready to be reviewed. 2. Always add/update tests for any changes unless you have a good reason. 3. Always update the documentation to reflect the changes made in the PR. 4. Make a new commit to resolve conversations instead of `push -f`. 5. To resolve merge conflicts, merge master instead of rebasing. 6. Use "request review" to notify the reviewer after making changes. 7. Only a reviewer can mark a conversation as resolved. --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
