specify a grace period to allow an request with expired jwt when using jwt auth filter
#7.693 aberto em 23 de jul. de 2019
Métricas do repositório
- Stars
- (27.997 stars)
- Métricas de merge de PR
- (Mesclagem média 8d) (378 fundiu PRs em 30d)
Description
[feature request] When using jwt auth filter we should be able to specify a grace period to allow an request with expired jwt for the specified amount of time?
Or may be provide a way to forward the requests with expired JWT to a different upstream.
Use Cases: There will be some occasions where the client will not be able to get the latest jwt token as the jwt issuer might be down or jwt token issuer might be stormed with many token issue requests at a specific time and that it can serve only some of them. for that time period when client sends a expired JWT we can allow the request to succeed. Or if this is a anti pattern we can simply allow that request to be forwarded to a different upstream cluster for handling that requests with expired jwts.