Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

POC - Rate Limiting based on a claim #6984

Open
5 tasks
shaun-nx opened this issue Dec 13, 2024 · 1 comment
Open
5 tasks

POC - Rate Limiting based on a claim #6984

shaun-nx opened this issue Dec 13, 2024 · 1 comment
Assignees
@haywoodsh @pdabelf5
Labels
poc Tasks that require investigation refined Issues that are ready to be prioritized
Milestone
v4.1.0

Comments

@shaun-nx
Copy link
Contributor

shaun-nx commented Dec 13, 2024
edited
Loading

Questions to answer, and things to consider, during this POC:

  • 1. Should nested claims be supported initially?
  • 2. What $jwt_ variables are required to expose this behaviour?
    • Discussion 4417 contains details that might help
  • 3. Can NGINX handles nested claims natively?
  • 4. Draft of the Policy interface
  • 5. Determine if TMA is required

Example code for processing nested claims:

function tokenClaimMatch(val, exp) {
    let arrayMatch = false;
    // Array claims are passed through via auth_jwt_set as strings
    // e.g. from [ "a", "b" ] to "a,b"
    if (val && val.includes(",")) {
        arrayMatch = val.split(",")
                        .map(v => v.trim())
                        .includes(exp);
    }
    return arrayMatch || val === exp;
}

Notes:

  • Look to Aha for additional details
  • This POC can ignore state sharing
@shaun-nx shaun-nx added the poc Tasks that require investigation label Dec 13, 2024
@shaun-nx shaun-nx added this to the v4.1.0 milestone Dec 13, 2024
@shaun-nx shaun-nx changed the title POC - Rate Limiting based on a claom POC - Rate Limiting based on a claim Dec 13, 2024
@github-actions GitHub Actions
Copy link

Hi @shaun-nx thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

@shaun-nx shaun-nx added ready for refinement An issue that was triaged and it is ready to be refined refined Issues that are ready to be prioritized and removed ready for refinement An issue that was triaged and it is ready to be refined labels Jan 6, 2025
@lucacome lucacome moved this to In Progress 🛠 in NGINX Ingress Controller Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@haywoodsh haywoodsh

@pdabelf5 pdabelf5

Labels
poc Tasks that require investigation refined Issues that are ready to be prioritized
Projects
NGINX Ingress Controller
Status: In Progress 🛠
Milestone
v4.1.0
Development

No branches or pull requests
3 participants
@haywoodsh @shaun-nx @pdabelf5