Re: [PR] feat(jwt-auth): when algorithm is not `RS256` or `ES256`, require the user to fill in `secret` [apisix]

via GitHub Thu, 11 Sep 2025 20:21:29 -0700


SkyeYoung commented on code in PR #12611:
URL: https://github.com/apache/apisix/pull/12611#discussion_r2342844480



##########
apisix/plugins/jwt-auth.lua:
##########
@@ -145,7 +143,8 @@ function _M.check_schema(conf, schema_type)
     end
 
     if conf.algorithm ~= "RS256" and conf.algorithm ~= "ES256" and not 
conf.secret then
-        conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
+        err = "property \"secret\" is required when \"algorithm\" is not 
\"RS256\" or \"ES256\""

Review Comment:
   Let me check it



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] feat(jwt-auth): when algorithm is not `RS256` or `ES256`, require the user to fill in `secret` [apisix]

Reply via email to