envoyproxy/envoy

specify a grace period to allow an request with expired jwt when using jwt auth filter

Open

#7693 aperta il 23 lug 2019

Vedi su GitHub
 (2 commenti) (1 reazione) (0 assegnatari)C++ (5373 fork)batch import
design proposalenhancementhelp wanted

Metriche repository

Star
 (27.997 star)
Metriche merge PR
 (Merge medio 8g) (378 PR mergiate in 30 g)

Descrizione

[feature request] When using jwt auth filter we should be able to specify a grace period to allow an request with expired jwt for the specified amount of time?

Or may be provide a way to forward the requests with expired JWT to a different upstream.

Use Cases: There will be some occasions where the client will not be able to get the latest jwt token as the jwt issuer might be down or jwt token issuer might be stormed with many token issue requests at a specific time and that it can serve only some of them. for that time period when client sends a expired JWT we can allow the request to succeed. Or if this is a anti pattern we can simply allow that request to be forwarded to a different upstream cluster for handling that requests with expired jwts.

Guida contributor