
jwt_authn: Add logic to refetch JWT on KID mismatch

Open arulthileeban opened this issue 1 year ago • 2 comments

Commit Message: jwt_authn: Add logic to refetch JWT on KID mismatch

Additional Description: Minimal implementation driven through config to force filter to refetch JWKS when extracted JWT's KID does not match with cached JWKS's KID.

Risk Level: Low

Testing: Unit/Integration

Docs Changes: Done

Release Notes: Done

Partially fixes #14557

arulthileeban avatar Oct 06 '24 18:10 arulthileeban

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/). envoyproxy/api-shepherds assignee is @markdroth

CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).


Caused by: https://github.com/envoyproxy/envoy/pull/36458 was opened by arulthileeban.


/wait on CI (@tyxia please remember to use wait tags to avoid PRs showing up as stale)

alyssawilk avatar Oct 10 '24 13:10 alyssawilk

/wait

Seems like this needs a main merge + addressing of some comments.

KBaichoo avatar Nov 04 '24 15:11 KBaichoo

@markdroth @tyxia Apologies for the delay. I've made changes as discussed, which are also documented in the API docs (code is also added for disallowing multiple fetches in parallel, just not documented).

I'll add tests for the new code if this looks good to you.

arulthileeban avatar Dec 02 '24 19:12 arulthileeban
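The behaviour described in the PR description and in the comment above (refetch JWKS on a KID miss, with only one fetch allowed in flight), sketched as an added example. This is not code from the PR or from Envoy; the class, enum and function names are hypothetical, and the key ids are constructed sample values.

```cpp
// Added illustration, not Envoy source. All names here are hypothetical.
#include <set>
#include <string>
#include <utility>
#include <vector>

enum class Lookup { KeyFound, FetchStarted, FetchPending, Rejected };

class JwksCache {
public:
  JwksCache(std::set<std::string> kids, bool refetch_on_kid_mismatch)
      : kids_(std::move(kids)), refetch_(refetch_on_kid_mismatch) {}

  // Called per request with the kid taken from the JWT header.
  Lookup lookup(const std::string& kid) {
    if (kids_.count(kid)) return Lookup::KeyFound;
    if (!refetch_) return Lookup::Rejected;             // option off: no refetch
    if (fetch_in_flight_) return Lookup::FetchPending;  // join the running fetch
    fetch_in_flight_ = true;
    ++fetches_started_;
    return Lookup::FetchStarted;
  }
  // Called when the remote JWKS response arrives; replaces the cached key set.
  void onFetchDone(std::set<std::string> fresh) {
    kids_ = std::move(fresh);
    fetch_in_flight_ = false;
  }
  int fetchesStarted() const { return fetches_started_; }

private:
  std::set<std::string> kids_;
  bool refetch_;
  bool fetch_in_flight_ = false;
  int fetches_started_ = 0;
};

// Constructed scenario: issuer rotated key-2023 -> key-2024, cache is stale.
std::vector<Lookup> rotationScenario(bool refetch_enabled) {
  JwksCache cache({"key-2023"}, refetch_enabled);
  std::vector<Lookup> out{cache.lookup("key-2023"), cache.lookup("key-2024"),
                          cache.lookup("key-2024")};
  if (refetch_enabled) cache.onFetchDone({"key-2024"});
  out.push_back(cache.lookup("key-2024"));
  return out;
}

// A burst of n requests carrying the same unknown kid starts a single fetch.
int fetchesForBurst(int n) {
  JwksCache cache({"key-2023"}, true);
  for (int i = 0; i < n; ++i) cache.lookup("key-2024");
  return cache.fetchesStarted();
}
```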

/lgtm api

markdroth avatar Dec 10 '24 23:12 markdroth

@tyxia PTAL.

adisuissa avatar Dec 16 '24 15:12 adisuissa