From bccffbf6dee00cffa60afe97efab163a41d20cd5 Mon Sep 17 00:00:00 2001
From: jbc5099
Date: Tue, 14 Jul 2020 16:58:52 -0600
Subject: [PATCH 1/2] Added algorithm option to jwt policy

---
 lib/policies/jwt/index.js | 4 ++++
 lib/policies/jwt/jwt.js | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/policies/jwt/index.js b/lib/policies/jwt/index.js
index 85f7a3251..3ab340470 100644
--- a/lib/policies/jwt/index.js
+++ b/lib/policies/jwt/index.js
@@ -38,6 +38,10 @@ module.exports = {
 type: 'boolean',
 default: true,
 description: 'Value istructing the gateway whether verify the sub against the internal SOC'
+ },
+ algorithms: {
+ type: 'array',
+ description: 'If defined, limits valid jwts to specified algorithms'
 }
 },
 required: ['jwtExtractor', 'checkCredentialExistence'],
diff --git a/lib/policies/jwt/jwt.js b/lib/policies/jwt/jwt.js
index e4f2896bc..787f656ce 100644
--- a/lib/policies/jwt/jwt.js
+++ b/lib/policies/jwt/jwt.js
@@ -14,7 +14,8 @@ module.exports = function (params) {
 secretOrKey,
 jwtFromRequest: extractor,
 audience: params.audience,
- issuer: params.issuer
+ issuer: params.issuer,
+ algorithms: params.algorithms
 }, (jwtPayload, done) => {
 if (!jwtPayload) {
 return done(null, false);

From 7ae36e883ad4e0e056b9c8f87bfb1d1b7879b0c7 Mon Sep 17 00:00:00 2001
From: jbc5099
Date: Fri, 17 Jul 2020 12:00:35 -0600
Subject: [PATCH 2/2] made schema more explicit

---
 lib/policies/jwt/index.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/policies/jwt/index.js b/lib/policies/jwt/index.js
index 3ab340470..6d749bad7 100644
--- a/lib/policies/jwt/index.js
+++ b/lib/policies/jwt/index.js
@@ -41,6 +41,7 @@ module.exports = {
 },
 algorithms: {
 type: 'array',
+ items: { type: 'string', enum: ['HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512'] },
 description: 'If defined, limits valid jwts to specified algorithms'
 }
 },
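Review bot: The new `algorithms` property in the index.js schema has no `default` and its description only covers the defined case, so an operator reading the schema cannot tell what verification does when the option is omitted. The value is forwarded unchanged to the verifier in the jwt.js hunk, so omitting it presumably leaves the token library's own algorithm selection in force, and that is worth stating here where the option is documented, e.g. `description: 'If defined, limits valid JWTs to the listed algorithms; when omitted the token library's default algorithm set for the configured key type applies'`. The enclosing schema object starts and ends outside the hunk.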
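Review bot: `algorithms: params.algorithms` in jwt.js passes `undefined` whenever the option is not configured, so in that case the accepted algorithm set is decided by the token library's defaults rather than by anything this policy controls; with an asymmetric `secretOrKey` that is precisely the situation where pinning the expected algorithm family matters, since it is the guard against a token's `alg` header steering verification onto the wrong key type. A one-line comment on the new line would keep that visible to the next maintainer, e.g. `// undefined => library default algorithm list; set this explicitly for RS*/public-key deployments`. `secretOrKey` is assigned before the hunk, and the exported function both begins before and continues after it, so I cannot see whether a default is applied earlier.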
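Review bot: The added `items` schema in the second index.js hunk pins the element type but still accepts an empty array and duplicate entries; adding `minItems: 1` and `uniqueItems: true` beside `type: 'array'` would turn those misconfigurations into a load-time schema error, whereas an empty list reaching the verifier presumably fails every token at request time with an opaque "invalid algorithm" result. The enum also leaves out the ES* and PS* families that JWT libraries commonly support; if that restriction is deliberate, a comment saying so would stop it from being widened casually, e.g. `// intentionally limited to HMAC and RSA PKCS#1 v1.5 algorithms`. Note `'none'` is correctly absent from the list.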