envoyproxy/envoy

specify a grace period to allow an request with expired jwt when using jwt auth filter

Open

#7 693 ouverte le 23 juil. 2019

Voir sur GitHub
 (2 commentaires) (1 réaction) (0 assignés)C++ (5 373 forks)batch import
design proposalenhancementhelp wanted

Métriques du dépôt

Stars
 (27 997 stars)
Métriques de merge PR
 (Merge moyen 8j) (378 PRs mergées en 30 j)

Description

[feature request] When using jwt auth filter we should be able to specify a grace period to allow an request with expired jwt for the specified amount of time?

Or may be provide a way to forward the requests with expired JWT to a different upstream.

Use Cases: There will be some occasions where the client will not be able to get the latest jwt token as the jwt issuer might be down or jwt token issuer might be stormed with many token issue requests at a specific time and that it can serve only some of them. for that time period when client sends a expired JWT we can allow the request to succeed. Or if this is a anti pattern we can simply allow that request to be forwarded to a different upstream cluster for handling that requests with expired jwts.

Guide contributeur