Ability to set auth_jwt_leeway in policy resource

[anderius]

Overview

When configuring a JWT Policy, the ability to set the "Leeway" is very valuable, as it ensures that JWTs that:

1. Are close to being expired, or
2. Have been created recently, and is close to the nbf (Not Before) claim, can still be processed.

This is a mechanism to account for potential clock skews.

Acceptance Criteria

• Allow the auth_jwt_leeway directive to be configured when deploying a jwt style policy

Additional Context

Currently, we must use snippets to configure auth_jwt_leeway (see https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt_leeway).

It would be very nice if that was configurable directly in the policy resource (see https://docs.nginx.com/nginx-ingress-controller/configuration/policy-resource/#jwt-using-jwks-from-remote-location).

[github-actions]

Hi @anderius thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

[shaun-nx]

Hi @anderius just wanted to update you on this.
I originally thought our work to enable Rate Limiting with JWT would overlap with this work.
I don't believe we'll get to this work by release v4.1.0 at this point.
We'll do our best to add this capability in a future release. Once I know which release that will be I will let you know.