Allow RSA key used for JWT to be specified as a file path #6271
Conversation
Codecov Report
@@ Coverage Diff @@
## master #6271 +/- ##
==========================================
+ Coverage 60.02% 60.31% +0.28%
==========================================
Files 153 153
Lines 12494 12510 +16
Branches 1692 1694 +2
==========================================
+ Hits 7500 7545 +45
+ Misses 4781 4744 -37
- Partials 213 221 +8
|
|
The concept of the PR sounds useful. Any idea how feasible it would be to get the Codecov test happy? 😄 |
|
I'll see if I can contrive a test for http as well. This code does not have existing tests, but Codecov is complaining because I moved some of the logic around. |
|
Cool, sounds like a plan. 😄 |
eradman
force-pushed
the
public-key-from-file
branch
from
c0fae61
to
c0407b0
Compare
- auth_jwt_auth_public_certs_url may file:// in addition to http/https - Log an error if payload does not contain an email address
eradman
force-pushed
the
public-key-from-file
branch
from
c0407b0
to
241ea41
Compare
|
I didn't want to introduce another pip dev dependency, but JWK is difficult to craft by hand. |
|
@justinclift I'd say this change is ready to go |
Sounds like a sensible compromise. 😄 |
|
@wlach @gaecoli @guidopetri Anyone interested in reviewing this PR? 😄 |
|
I have been using https, I hope to enable file and https/http options, otherwise there is no way to use it For old users. |
This PR should not change existing behavior, only add the ability to specify a private key from a file path |
Ok, LGTM! |
|
Awesome. Just merged this, and the PR on the website repo which documents it a bit. 😄 |
auth_jwt_auth_public_certs_urlmay file:// in addition to http/httpsWhat type of PR is this?
Description
How is this tested?
Background
This feature allows another application to craft a JWT token to automatically log into redash.
Formerly this was possible, but the RSA public key had to be on an HTTP server. A file path is less complex and easier to secure.