diff --git a/apisix/plugins/jwt-auth.lua b/apisix/plugins/jwt-auth.lua
index 0d33346e759c..8209aa5e293a 100644
--- a/apisix/plugins/jwt-auth.lua
+++ b/apisix/plugins/jwt-auth.lua
@@ -35,7 +35,8 @@ local schema = {
 secret = {type = "string"},
 algorithm = {
 type = "string",
- enum = {"HS256", "HS384", "HS512", "RS256", "ES256"}
+ enum = {"HS256", "HS512", "RS256"},
+ default = "HS256"
 },
 exp = {type = "integer", minimum = 1},
 base64_secret = {
@@ -85,10 +86,6 @@ function _M.check_schema(conf) conf.secret = ngx_encode_base64(resty_random.bytes(32, true)) end - if not conf.algorithm then - conf.algorithm = "HS256" - end - if not conf.exp then conf.exp = 60 * 60 * 24 end
@@ -207,11 +204,11 @@ local function gen_token()
 local jwt_token = jwt:sign(
 auth_secret,
 {
- header={
+ header = {
 typ = "JWT",
 alg = consumer.auth_conf.algorithm
 },
- payload={
+ payload = {
 key = key,
 exp = ngx_time() + consumer.auth_conf.exp
 }
diff --git a/doc/plugins/jwt-auth.md b/doc/plugins/jwt-auth.md
index 03b6c9232e37..1f5aa1e1cfc0 100644
--- a/doc/plugins/jwt-auth.md
+++ b/doc/plugins/jwt-auth.md
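Review bot: The narrowed `enum` in the schema hunk still admits `RS256`, but the fields visible there give a consumer only a `secret` string, and the context of the `check_schema` hunk shows the secret being filled (apparently when none is supplied) with 32 random bytes, which cannot serve as an RSA key. If asymmetric signing is meant to stay supported, `check_schema` should refuse to auto-generate for it, for example `if conf.algorithm == "RS256" and not conf.secret then return false, "secret is required for RS256" end` ahead of the auto-generation branch; the function's return convention is outside the hunks, so adjust to match. Two things to confirm outside this diff: that token verification compares the header's `alg` with the consumer's configured `algorithm` rather than trusting the header, and that consumers already stored with `HS384` or `ES256` are handled on upgrade, since they no longer pass this schema. The `schema` table and `check_schema` both continue beyond the hunks.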
@@ -41,7 +41,7 @@ For more information on JWT, refer to [JWT](https://jwt.io/) for more informatio
 | ------------- | ------- | ----------- | ------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
 | key | string | required | | | different `consumer` have different value, it's unique. different `consumer` use the same `key`, and there will be a request matching exception. |
 | secret | string | optional | | | encryption key. if you do not specify, the value is auto-generated in the background. |
-| algorithm | string | optional | "HS256" | ["HS256", "HS384", "HS512", "RS256", "ES256"] | encryption algorithm. |
+| algorithm | string | optional | "HS256" | ["HS256", "HS512", "RS256"] | encryption algorithm. |
 | exp | integer | optional | 86400 | [1,...] | token's expire time, in seconds |
 | base64_secret | boolean | optional | false | | whether secret is base64 encoded |
diff --git a/doc/zh-cn/plugins/jwt-auth.md b/doc/zh-cn/plugins/jwt-auth.md
index aa7126c41fb7..2d431e421815 100644
--- a/doc/zh-cn/plugins/jwt-auth.md
+++ b/doc/zh-cn/plugins/jwt-auth.md
@@ -42,7 +42,7 @@
 | ------------- | ------- | ------ | ------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
 | key | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `key` ,将会出现请求匹配异常。 |
 | secret | string | 可选 | | | 加密秘钥。如果您未指定,后台将会自动帮您生成。 |
-| algorithm | string | 可选 | "HS256" | ["HS256", "HS384", "HS512", "RS256", "ES256"] | 加密算法 |
+| algorithm | string | 可选 | "HS256" | ["HS256", "HS512", "RS256"] | 加密算法 |
 | exp | integer | 可选 | 86400 | [1,...] | token 的超时时间 |
 | base64_secret | boolean | 可选 | false | | 密钥是否为 base64 编码 |