Merge pull request #11 from Brainnwave/version-bump

rename to build.yml

Author: agilezebra

.github/workflows/go.yml renamed to .github/workflows/build.yml

@@ -1,7 +1,7 @@
 # This workflow will build a golang project
 # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
 
-name: Go
+name: Build
 on:
   push:
     branches: 

README.md

@@ -1,12 +1,13 @@
-[![Go](https://brainnwave.com/badges/jwt-middleware/status.svg)](https://github.com/Brainnwave/jwt-middleware/actions/workflows/go.yml)
-[![Coverage](https://s3.amazonaws.com/brainnwave.assets/badges/jwt/coverage.svg)](https://github.com/Brainnwave/jwt-middleware/actions/workflows/go.yml)
+[![Build](https://github.com/Brainnwave/jwt-middleware/actions/workflows/build.yml/badge.svg)](https://github.com/Brainnwave/jwt-middleware/actions/workflows/build.yml)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=Brainnwave_jwt-middleware&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=Brainnwave_jwt-middleware)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=Brainnwave_jwt-middleware&metric=coverage)](https://sonarcloud.io/summary/new_code?id=Brainnwave_jwt-middleware)
 
 # Dynamic JWT Validation Middleware
 
 This is a middleware plugin for [Traefik](https://github.com/containous/traefik) with the following features:
 * Validation of JSON Web Tokens in cookies, headers, and/or query string parameters for access control.
-* Dynamic lookup of public keys from the well-known JWKS endpoint of whitelisted issuers.
-* HTTP redirects for unauthorized and forbidden calls when configured in interactive mode.
+* Dynamic lookup of public keys from the well-known OpenID configuration of whitelisted issuers.
+* Configurable HTTP redirects for unauthorized and forbidden calls in interactive mode.
 * Flexible claim checks, including optional wildcards and Go template interpolation.
 
 ## Configuration
@@ -17,15 +18,15 @@ experimental:
   plugins:
     jwt:
       moduleName: github.com/Brainnwave/jwt-middleware
-      version: v1.1.7
+      version: v1.1.8
 ```
 1b. or with command-line options:
 
 ```yaml
 command:
   ...
   - "--experimental.plugins.jwt.modulename=github.com/Brainnwave/jwt-middleware"
-  - "--experimental.plugins.jwt.version=v1.1.7"
+  - "--experimental.plugins.jwt.version=v1.1.8"
 ```
 
 2) Configure and activate the plugin as a middleware in your dynamic traefik config:

jwt.go

@@ -83,7 +83,7 @@ type TemplateRequirement struct {
 // CreateConfig creates the default plugin configuration.
 func CreateConfig() *Config {
 	return &Config{
-		ValidMethods: []string{"RS256", "RS512", "ES256", "ES384", "ES512", "HS256"},
+		ValidMethods: []string{"RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256"},
 		CookieName:   "Authorization",
 		HeaderName:   "Authorization",
 		ForwardToken: true,

jwt_test.go

@@ -389,6 +389,16 @@ func TestServeHTTP(tester *testing.T) {
 			Method:     jwt.SigningMethodRS256,
 			HeaderName: "Authorization",
 		},
+		{
+			Name:   "SigningMethodRS384",
+			Expect: http.StatusOK,
+			Config: `
+				require:
+					aud: test`,
+			Claims:     `{"aud": "test"}`,
+			Method:     jwt.SigningMethodRS384,
+			HeaderName: "Authorization",
+		},
 		{
 			Name:   "SigningMethodRS512",
 			Expect: http.StatusOK,
@@ -1092,12 +1102,12 @@ func createTokenAndSaveKey(test *Test, config *Config) string {
 	var public interface{}
 	var publicPEM string
 	switch method {
-	case jwt.SigningMethodHS256:
+	case jwt.SigningMethodHS256, jwt.SigningMethodHS384, jwt.SigningMethodHS512:
 		if config.Secret == "" {
 			panic(fmt.Errorf("secret is required for %s", method.Alg()))
 		}
 		private = []byte(config.Secret)
-	case jwt.SigningMethodRS256, jwt.SigningMethodRS512:
+	case jwt.SigningMethodRS256, jwt.SigningMethodRS384, jwt.SigningMethodRS512:
 		secret, err := rsa.GenerateKey(rand.Reader, 2048)
 		if err != nil {
 			panic(err)