  1. MariaDB MaxScale
  2. MXS-4277

iss field in JWT tokens is always "maxscale"

Details

    • New Feature
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.5.21, 6.4.2, 22.08.0
    • 23.08.0
    • REST-API
    • None
    • MXS-SPRINT-180

    Description

      The issuer field (iss) is always maxscale for all tokens. This makes it hard to figure out who actually created the token. A better alternative would be to construct it from the machine's hostname (or from admin_host) together with the admin_port parameter to form a URL that points to the issuer.

      The proposed approach with the defaults admin_host=127.0.0.1 and admin_port=8989 would result in the following issuer field:

      "iss": "http://127.0.0.1:8989/v1/auth"
      

      The only problem with this approach is that it prevents the tokens from being shared across multiple MaxScale instances, which would otherwise be possible in 22.08 with a pre-shared symmetric key. For this reason, it might need to be made into a user-configurable string, especially if the value of admin_host isn't the externally visible hostname of the machine.
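
The trade-off described above, as an added example that is not part of the original issue and is not MaxScale code: a verifier that pins iss rejects a token minted by another instance even when both hold the same pre-shared key, unless the issuer is a shared, configured string. HS256, the verifier's issuer check, the second host address, the key and the "maxscale-cluster" string are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issuer_url(admin_host: str, admin_port: int) -> str:
    # Shape proposed in the issue: http://<admin_host>:<admin_port>/v1/auth
    return f"http://{admin_host}:{admin_port}/v1/auth"

def issue_token(key: bytes, iss: str, sub: str) -> str:
    # Minimal HS256 JWT (assumed algorithm for the pre-shared symmetric key).
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps({"iss": iss, "sub": sub}).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64u(sig)}"

def verify_token(key: bytes, token: str, trusted_issuers: set) -> dict:
    header, body, sig = token.split(".")
    if json.loads(b64u_dec(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(body))
    # Hypothetical verifier policy: only accept issuers on an allow-list.
    if claims.get("iss") not in trusted_issuers:
        raise ValueError(f"untrusted issuer: {claims.get('iss')}")
    return claims

def accepted(key: bytes, token: str, trusted_issuers: set) -> bool:
    try:
        verify_token(key, token, trusted_issuers)
        return True
    except ValueError:
        return False

SHARED_KEY = b"constructed-demo-key"          # constructed sample key
ISS_A = issuer_url("127.0.0.1", 8989)         # defaults quoted in the issue
ISS_B = issuer_url("10.0.0.2", 8989)          # constructed second instance
TOKEN_A = issue_token(SHARED_KEY, ISS_A, "admin")
# Configurable issuer string shared by both instances (hypothetical value).
TOKEN_SHARED = issue_token(SHARED_KEY, "maxscale-cluster", "admin")
```
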

          People

            markus makela