  1. MariaDB MaxScale
  2. MXS-4217

Make JWT signatures configurable

    Details

    • Type: New Feature
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 22.08.0
    • Component/s: REST-API
    • Labels:
      None

      Description

      The JWT signatures in the REST API currently use HS256 (HMAC with SHA-256) as the only signature algorithm. Adding support for other hash sizes (HS384 and HS512) as well as asymmetric key algorithms (RS, PS, ES and Ed families) makes the security of the tokens used by the API easily controllable by the end user.

      In addition, tokens can be shared between MaxScale instances by either making the symmetric key used by MaxScale configurable (it currently uses a random key) or by adding support for asymmetric key verification using a set of pre-defined certificates.

            People

            Assignee:
            markus makela
            Reporter:
            markus makela