feipengheart commented on issue #5281:
URL: https://github.com/apache/apisix/issues/5281#issuecomment-946775630


   
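That works, but I found a new problem: if the token is given to someone else, they can also access the API. I thought the private key would be used by the client to encrypt the token, and that JWT-Auth could then use the public key or the signature to decrypt it, but that is not the case. After requesting the token, the token is simply added to the header to access the API. The public and private keys do not seem to have any effect. Is there a way to solve this, such as giving the user a private key, so that only the user who holds the private key can access the API with a valid token?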


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

