[MXS-4277] iss field in JWT tokens is always "maxscale" - Jira

XML

Word

Printable

Details

Type: New Feature
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.21, 6.4.2, 22.08.0
Fix Version/s: 23.08.0
Component/s: REST-API
Labels:
None

Sprint:
MXS-SPRINT-180

Description

The issuer field (iss) is always maxscale for all tokens. This makes it hard to figure out who actually created the token. A better alternative would be to construct it from the machine's hostname (or from admin_host) as well as the admin_port parameters to form a URL that points to the issuer.

The proposed approach with the defaults admin_host=127.0.0.1 and admin_port=8989 would result in the following issuer field:

"iss": "http://127.0.0.1:8989/v1/auth"

The only problem with this approach is that it prevents the tokens from being shared across multiple MaxScale instances which would otherwise be possible in 22.08 with a pre-shared symmetric key. For this reason, it might need to be made into a user-configurable string, especially if the value of admin_host isn't the externally visible hostname of the machine.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

0001-MXS-4277-Make-iss-claim-configurable.patch
7 kB
2022-09-08 06:57

Activity

People

Assignee:: markus makela

Reporter:: markus makela

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2022-09-07 06:49

Updated:: 2024-10-03 15:52

Resolved:: 2023-04-13 17:12

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.