POC - Rate Limiting based on a claim #6984

Closed
@shaun-nx

Description

Questions to answer, and things to consider, during this POC:

  • 1. Should nested claims be supported initially?
  • 2. What $jwt_ variables are required to expose this behaviour?
    • Discussion 4417 contains details that might help
  • 3. Can NGINX handle nested claims natively?
  • 4. Draft of the Policy interface
  • 5. Determine if TMA is required

Example code for processing nested claims:

function tokenClaimMatch(val, exp) {
    let arrayMatch = false;
    // Array claims are passed through via auth_jwt_set as strings
    // e.g. from [ "a", "b" ] to "a,b"
    if (val && val.includes(",")) {
        arrayMatch = val.split(",")
                        .map(v => v.trim())
                        .includes(exp);
    }
    return arrayMatch || val === exp;
}

Notes:

  • Look to Aha for additional details
  • This POC can ignore state sharing
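
One way to resolve a possibly nested claim into a rate-limit key, as an added example that is not part of the original issue or the project's code. The function names, the `DEFAULT_KEY` fallback and the sample payload are assumptions, and the payload is assumed to come from a token whose signature has already been verified.

```javascript
// Added example: nested-claim lookup and rate-limit key derivation.
// Assumption: tokens without a usable claim share one default bucket
// instead of producing an empty key.
const DEFAULT_KEY = "unclassified";

// Walk a claim path such as ["realm_access", "tier"] through the payload.
// Only own properties of plain objects are followed, so path elements like
// "constructor" or "length" never resolve to built-in members.
function claimAt(payload, path) {
    let node = payload;
    for (const name of path) {
        if (node === null || typeof node !== "object" || Array.isArray(node) ||
            !Object.prototype.hasOwnProperty.call(node, name)) {
            return undefined;
        }
        node = node[name];
    }
    return node;
}

// Flatten a claim value to a string. Arrays become "a,b", matching the
// comma-joined form described in the issue's code comment.
function claimAsString(value) {
    if (Array.isArray(value)) {
        const items = value.filter(v => typeof v === "string" || typeof v === "number");
        return items.length > 0 ? items.map(String).join(",") : undefined;
    }
    if (typeof value === "string" || typeof value === "number") {
        return String(value);
    }
    return undefined; // objects, booleans and null are not usable as a key
}

// Key used to pick the rate-limit bucket for a request.
function rateLimitKey(payload, path) {
    const s = claimAsString(claimAt(payload, path));
    return s === undefined || s === "" ? DEFAULT_KEY : s;
}

// Constructed sample payload (not taken from a real token).
const SAMPLE = {
    sub: "u1",
    n: 7,
    realm_access: { tier: "gold", roles: ["admin", "dev"], empty: [] }
};

console.log(rateLimitKey(SAMPLE, ["realm_access", "tier"]));  // gold
console.log(rateLimitKey(SAMPLE, ["realm_access", "roles"])); // admin,dev
```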

Metadata

Labels: poc (Tasks that require investigation), refined (Issues that are ready to be prioritized)

Status

Done 🚀
