Details
New Feature
Status: Closed
Minor
Resolution: Fixed
2.5.21, 6.4.2, 22.08.0
None
MXS-SPRINT-180
Description
The issuer field (iss) is always maxscale for all tokens. This makes it hard to figure out who actually created the token. A better alternative would be to construct it from the machine's hostname (or from admin_host) as well as the admin_port parameters to form a URL that points to the issuer.
The proposed approach with the defaults admin_host=127.0.0.1 and admin_port=8989 would result in the following issuer field:
"iss": "http://127.0.0.1:8989/v1/auth"
The only problem with this approach is that it prevents the tokens from being shared across multiple MaxScale instances which would otherwise be possible in 22.08 with a pre-shared symmetric key. For this reason, it might need to be made into a user-configurable string, especially if the value of admin_host isn't the externally visible hostname of the machine.
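The trade-off described above, as an added example that is not MaxScale code: two instances share one HS256 key, and each verifier accepts only the issuers it is configured with. The function names, the sample key and addresses, the `maxscale-cluster-1` issuer string, and the assumption that the verifier checks `iss` at all are hypothetical.

```python
import base64, hashlib, hmac, json, time

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issuer_from_listener(admin_host, admin_port):
    # Issuer URL in the form proposed in the description.
    return f"http://{admin_host}:{admin_port}/v1/auth"

def issue_token(key, issuer, subject, ttl=3600, now=None):
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"iss": issuer, "sub": subject, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{_b64(_sign(key, header + '.' + claims))}"

def verify_token(key, token, accepted_issuers, now=None):
    # Returns the claims or raises ValueError; nothing is parsed before the MAC checks out.
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, claims, sig = parts
    if not hmac.compare_digest(_sign(key, header + "." + claims), _unb64(sig)):
        raise ValueError("bad signature")
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    body = json.loads(_unb64(claims))
    if body.get("iss") not in accepted_issuers:
        raise ValueError("untrusted issuer")
    if body.get("exp", 0) <= now:
        raise ValueError("expired")
    return body

def accepts(key, token, accepted_issuers):
    try:
        verify_token(key, token, accepted_issuers)
        return True
    except ValueError:
        return False

KEY = b"constructed-pre-shared-key"             # constructed sample key
ISS_A = issuer_from_listener("10.0.0.1", 8989)  # constructed instance A
ISS_B = issuer_from_listener("10.0.0.2", 8989)  # constructed instance B
SHARED_ISS = "maxscale-cluster-1"               # hypothetical user-configured issuer
```

A token issued with `ISS_A` passes on instance A and fails on instance B even though the key is the same; a token issued with `SHARED_ISS` passes on both when both are configured to accept it.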