envoyproxy/envoy

specify a grace period to allow an request with expired jwt when using jwt auth filter

Open

#7,693 opened on 2019年7月23日

GitHub で見る
 (2 comments) (1 reaction) (0 assignees)C++ (5,373 forks)batch import
design proposalenhancementhelp wanted

Repository metrics

Stars
 (27,997 stars)
PR merge metrics
 (平均マージ 8d) (30d で 378 merged PRs)

説明

[feature request] When using jwt auth filter we should be able to specify a grace period to allow an request with expired jwt for the specified amount of time?

Or may be provide a way to forward the requests with expired JWT to a different upstream.

Use Cases: There will be some occasions where the client will not be able to get the latest jwt token as the jwt issuer might be down or jwt token issuer might be stormed with many token issue requests at a specific time and that it can serve only some of them. for that time period when client sends a expired JWT we can allow the request to succeed. Or if this is a anti pattern we can simply allow that request to be forwarded to a different upstream cluster for handling that requests with expired jwts.

コントリビューターガイド