feat(jwt-auth): store JWT in the request context #11675

Open
wants to merge 3 commits into
base: master

@mikyll (Contributor) commented Oct 23, 2024

Description

The changes introduce a new parameter to the jwt-auth plugin's route schema: `store_in_ctx`. If set to true (default is false), the plugin will store the validated JWT object in the request context.

This feature is useful especially for custom plugins. For example, my company is currently using a custom ACL plugin, based on Casbin (lua-casbin), that parses a JWT to extract permissions.

Therefore, I would say this feature is useful for at least two reasons:

  • since the JWT can be removed from the request attributes (via the `hide_credential = true` configuration), this provides another way to pass the token, without exposing it;
  • this prevents custom plugins from duplicating code (retrieving and parsing the JWT object), which the jwt-auth plugin already does.

Fixes #11281

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)
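
An added example, not code from this PR or from APISIX: a hypothetical lower-priority ACL plugin that consumes the JWT stored by jwt-auth instead of re-parsing the request, and denies the request when nothing was stored. The plugin name, the context field `jwt_auth_payload` and the `permissions` claim are assumptions, since the PR description names neither the context key nor a claim layout.

```lua
-- Hypothetical downstream plugin (illustration only, not part of this PR).
local core = require("apisix.core")
local ipairs = ipairs
local type = type

local plugin_name = "example-jwt-acl"   -- assumed name

local schema = {
    type = "object",
    properties = {
        -- permission the caller must hold to pass this route
        required_permission = { type = "string", minLength = 1 },
    },
    required = { "required_permission" },
}

local _M = {
    version = 0.1,
    -- lower than jwt-auth's priority (2510), so jwt-auth has already run
    priority = 2400,
    name = plugin_name,
    schema = schema,
}

function _M.check_schema(conf)
    return core.schema.check(schema, conf)
end

function _M.access(conf, ctx)
    -- ASSUMPTION: field under which jwt-auth stores the validated token
    -- when store_in_ctx = true; assumed here to be a table of claims.
    local claims = ctx.jwt_auth_payload
    if type(claims) ~= "table" then
        -- Fail closed: store_in_ctx is off or jwt-auth did not run on this
        -- route. Do not fall back to parsing the Authorization header,
        -- which would skip the signature validation jwt-auth performs.
        core.log.warn(plugin_name, ": no validated JWT in request context")
        return 403, { message = "access denied" }
    end

    local perms = claims.permissions   -- assumed claim: array of strings
    if type(perms) == "table" then
        for _, perm in ipairs(perms) do
            if perm == conf.required_permission then
                return   -- permitted, continue to upstream
            end
        end
    end
    return 403, { message = "access denied" }
end

return _M
```

Because the token is read from the context, this plugin behaves the same whether or not `hide_credential` has stripped it from the request.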

Add new test case (jwt-auth4.t) to test the correct behaviour of `store_in_ctx` config parameter

Signed-off-by: Michele Righi <[email protected]>
Added the new config parameter in jwt-auth docs

Signed-off-by: Michele Righi <[email protected]>
@mikyll mikyll marked this pull request as ready for review October 23, 2024 14:51
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. doc Documentation things enhancement New feature or request labels Oct 23, 2024
@mikyll (Contributor, Author) commented Nov 7, 2024

The CI and HTTP/3 errors do not seem to be related to the change. The same 3 tests (files t/plugin/opentelemetry.t, t/plugin/opentelemetry2.t, t/plugin/opentelemetry5.t) keep failing:

Test Summary Report
-------------------
t/plugin/opentelemetry.t     (Wstat: 0 Tests: 74 Failed: 32)
  Failed tests:  6-9, 11, 18-21, 23, 30-33, 35, 42-45, 47
                54-57, 59, 66-71, 73
  Parse errors: No plan found in TAP output
t/plugin/opentelemetry2.t    (Wstat: 0 Tests: 11 Failed: 5)
  Failed tests:  5-8, 10
  Parse errors: No plan found in TAP output
t/plugin/opentelemetry5.t    (Wstat: 0 Tests: 37 Failed: 12)
  Failed tests:  6-7, 9, 12, 15, 18, 21, 24, 27, 30, 33
                36
  Parse errors: No plan found in TAP output
Files=6, Tests=245, 54 wallclock secs ( 0.06 usr  0.00 sys +  5.16 cusr  2.12 csys =  7.34 CPU)
Result: FAIL
Error: Process completed with exit code 1.
  1. Job build (ubuntu-20.04, linux_openresty, lua-resty-worker-events, t/plugin/[l-z]*)
  2. Job build (ubuntu-20.04, linux_openresty, lua-resty-events, t/plugin/[l-z]*)
  3. Job build (ubuntu-20.04, linux_openresty, lua-resty-worker-events, t/plugin/[l-z]*)
  4. Job build (ubuntu-20.04, linux_openresty, lua-resty-events, t/plugin/[l-z]*)
  5. Job build (ubuntu-20.04, linux_openresty, lua-resty-worker-events, t/plugin/[l-z]*)
  6. Job build (ubuntu-20.04, linux_openresty, lua-resty-events, t/plugin/[l-z]*)
  7. Job build (ubuntu-20.04, linux_openresty, lua-resty-worker-events, t/plugin/[l-z]*)
  8. Job build (ubuntu-20.04, linux_openresty, lua-resty-events, t/plugin/[l-z]*)

These seem to be caused by this other error from sc-lint:

In ci/linux_openresty_tongsuo_runner.sh line 48:
    before_install
    ^------------^ SC2218 (error): This function is only defined later. Move the definition up.

For more information:
  https://www.shellcheck.net/wiki/SC2218 -- This function is only defined lat...
Error: Process completed with exit code 123.

@mikyll mikyll changed the title feat(jwt-auth): parameter to store JWT in the request context feat(jwt-auth): store JWT in the request context Nov 11, 2024