SkyeYoung commented on code in PR #12611:
URL: https://github.com/apache/apisix/pull/12611#discussion_r2342861298
##########
apisix/plugins/jwt-auth.lua:
##########
@@ -145,7 +143,8 @@ function _M.check_schema(conf, schema_type)
end
if conf.algorithm ~= "RS256" and conf.algorithm ~= "ES256" and not
conf.secret then
- conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
+ err = "property \"secret\" is required when \"algorithm\" is not
\"RS256\" or \"ES256\""
Review Comment:
<img width="2714" height="2202" alt="CleanShot 2025-09-12 at 11 37 13@2x"
src="https://github.com/user-attachments/assets/eed57961-0907-4589-b781-096e6cbd5853";
/>
https://github.com/apache/apisix/pull/12611/files#diff-9b9604832706062cf84d2e9b7a13754c0f21a9a0b34cf271a4eb059f4bffbdaa
TEST 52
After trying to modify it, I found that it would incorrectly pass the test
when going through the default `HS256` logic.
The original code should have also been implemented through code for this
reason.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
