-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor JWT matching logic #20578
Comments
CC @qiwzhang @envoyproxy/api-shepherds |
I can try to do it |
Sure, please go ahead. I can help with the review. Thanks |
@tpetkov-VMW really appreciated, I've assigned the issue to you. |
@tpetkov-VMW would this also consolidate the matching types available so that jwt_authn supports all listed in RouteMatch? I was about to create an issue regarding metadata matching having no effect in jwt_authn rules, hence me asking. |
Looks like the best solution will be to extend
@htuch - Can you help out? The question is twofold.
Here's a patch below, that would trigger the error
|
I'm not sure if the addition of just Taking a step back, I think the way to wrap this in a sensible way is to have both RDS and JWT use generic matchers, where you have inherent sharing of code @snowp @kyessenov @qiwzhang |
As per #20145, we have duplicative matching logic in core router and JWT filter. This seems a maintenance, testing and security concern. I think with some modest refactoring, we could move this match logic to a common library. This is a fairly straightforward refactoring I think (famous last words).
The text was updated successfully, but these errors were encountered: