Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jwt support tasks take 2 #2

Open
wants to merge 14 commits into
base: jwt
Choose a base branch
from
Open

Jwt support tasks take 2 #2

wants to merge 14 commits into from

Conversation

jregistr
Copy link

Hey @ryantxu , here's the second round of PR for your JWT authentication PR.

With this PR, I'm aiming to target the remaining tasks for this PR.

  • Improve Documentation
  • Test reload keys via TTL
  • Test expect fields (iss, aud, etc)
  • Test google tokens

Feel free to let me know what you deem is missing and I can send a follow-up PR or add to this one.

Special notes for your reviewer:
I updated the jwt_test_data.google.json file. I did this so I could get a new JWT value from App engine for testing.
I then updated and added a new test case to jwt_test.go.

For enabling testing the refreshing token on TTL, I updated the jwt file to use an interface Http Client and to use a type TimeNow for getting the current time. I then mocked these and added a new test case
to ``jwt_test.go`.

I then went through the docs and while considering the implementation, I made some updates.

And lastly, I noticed when I ran make build-go, it failed and suggested I run go mod vendor. I ran this and committed the results. Please let me know if this is not needed and I can remove that commit.

I hope you are well.

Cheers!

@jregistr
Copy link
Author

Linking the related PR here for posterity: #2
and perhaps to inform Stale Bot 😄

@jregistr jregistr mentioned this pull request Apr 14, 2020
Closed
7 tasks
felipebn and others added 6 commits May 1, 2020 17:27
@felipebn
Fix JWT auth expected claims config parse
305a252 
Before it was not parsing JSON config due that the
check for the JSON prefix was inverted.

Also it would parse the config a key:value pairs due
to missing else block, which would leave the expected
claims map in a unexpected state.
@felipebn
Add specific validation for Audience
d8965d4 
By JWT spec audience may be an array therefore the previous claim
validation logic could not work for it.

Now audience is validated considering that it may be an array and
the expected audience is checked to be contained in it or by
equality if it's a single string.
@felipebn
Refactor JWT auth tests to remove convey
5178357 
As indicated in the contribution guidelines, the project should not
keep using convey as test library.

Tests were refactored to use the standard `testing` library and
`testify` to perform assertions.
@felipebn
Add unit test with Cloudflare Access JWT
20523ad 
Including a unit test to validate that the JWT auth works
correctly with Cloudflare Access JWTs.
@felipebn
Refactor JWT auth test data into separated dir
35603db 
Moving the JWT test files into a separated directory as done in other
packages of Grafana project.
@jregistr
Merge pull request #1 from felipebn/jwt-support-for-cloudflare-access
ca9eede 
Jwt support for cloudflare access
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jregistr @felipebn