-
Notifications
You must be signed in to change notification settings - Fork 335
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(kuma-cp) consolidate tokens logic to support expiration, rotation, revocation and RSA256 #3376
Conversation
…on, revocation Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a great improvement. Just some little nits and suggestions.
Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #3376 +/- ##
==========================================
+ Coverage 52.13% 52.27% +0.13%
==========================================
Files 932 939 +7
Lines 54547 54618 +71
==========================================
+ Hits 28439 28552 +113
+ Misses 23882 23846 -36
+ Partials 2226 2220 -6
Continue to review full report at Codecov.
|
Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
…n, revocation and RSA256 (#3376) Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
…n, revocation and RSA256 (#3376) Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
Summary
This PR consolidates the logic of JWT tokens in the project, to have one standard for all the tokens.
I refactored the logic to
core/tokens
to serve the functionality as a "library" for token implementations (dataplane token, zone ingress token, user token).All the tokens now have
All new tokens are generated using RSA256, but we still support HMAC256 for backwards compatibility.
We still support ASN.1 signing keys for backwards compatibility.
All those features were available for User Token already but not for other tokens.
Issues resolved
Fix #2955
Fix #3197
Documentation
Testing
Backwards compatibility