[MXS-4217] Make JWT signatures configurable

Created: 2022-07-25
Updated: 2022-08-01
Resolved: 2022-08-01

Status: Closed
Project: MariaDB MaxScale
Component/s: REST-API
Affects Version/s: None
Fix Version/s: 22.08.0

Type: New Feature
Priority: Major
Reporter: markus makela
Assignee: markus makela
Resolution: Fixed
Votes: 0
Labels: None


Description

The JWT signatures in the REST API currently use HS256 (HMAC with SHA-256) as the only signature algorithm. Adding support for other hash sizes (HS384 and HS512) as well as asymmetric key algorithms (RS, PS, ES and Ed families) makes the security of the tokens used by the API easily controllable by the end user.

In addition, tokens can be shared between MaxScale instances by either making the symmetric key used by MaxScale configurable (it currently uses a random key) or by adding support for asymmetric key verification using a set of pre-defined certificates.
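As an added illustration (not MaxScale code and not part of the original issue), the sketch below signs and verifies compact JWTs with the HS family only. It shows why per-instance random keys prevent token sharing and how a shared key with a locally configured algorithm allows it. All function names, the sample claims and the 64-byte key size are assumptions made for the example.

```python
import base64, hashlib, hmac, json, secrets

# HMAC-based JWS algorithms named in the issue, mapped to their hash function.
HS_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims, key, alg):
    """Build a compact JWT signed with the given HS algorithm."""
    parts = ({"alg": alg, "typ": "JWT"}, claims)
    signing_input = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    mac = hmac.new(key, signing_input.encode(), HS_ALGS[alg]).digest()
    return signing_input + "." + b64url(mac)

def verify(token, key, configured_alg):
    """Return the claims if the token verifies under the configured algorithm, else None."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    # The algorithm is taken from local configuration, never from the token header.
    if not isinstance(header, dict) or header.get("alg") != configured_alg:
        return None
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), HS_ALGS[configured_alg]).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(b64url_decode(body_b64))

def demo():
    claims = {"sub": "admin", "aud": "rest-api"}  # constructed sample claims
    key_a, key_b = secrets.token_bytes(64), secrets.token_bytes(64)  # per-instance random keys
    shared = secrets.token_bytes(64)  # one key configured on both instances
    return {
        "random_keys": verify(sign(claims, key_a, "HS256"), key_b, "HS256"),
        "shared_key": verify(sign(claims, shared, "HS512"), shared, "HS512"),
        "alg_mismatch": verify(sign(claims, shared, "HS256"), shared, "HS512"),
    }

if __name__ == "__main__":
    print(demo())
```

Only the `shared_key` case returns the claims; a token issued under a different instance's random key, or under an algorithm other than the one configured on the verifier, is rejected.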

