Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to set auth_jwt_leeway in policy resource #6827

Open
1 task
anderius opened this issue Nov 19, 2024 · 1 comment
Open
1 task

Ability to set auth_jwt_leeway in policy resource #6827

anderius opened this issue Nov 19, 2024 · 1 comment
Labels
proposal An issue that proposes a feature request ready for refinement An issue that was triaged and it is ready to be refined
Milestone
v4.1.0

Comments

@anderius
Copy link

anderius commented Nov 19, 2024
edited by shaun-nx
Loading

Overview

When configuring a JWT Policy, the ability to set the "Leeway" is very valuable, as it ensures that JWTs that:

  1. Are close to being expired, or
  2. Have been created recently, and is close to the nbf (Not Before) claim, can still be processed.

This is a mechanism to account for potential clock skews.

Acceptance Criteria

  • Allow the auth_jwt_leeway directive to be configured when deploying a jwt style policy

Additional Context

Currently, we must use snippets to configure auth_jwt_leeway (see https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt_leeway).

It would be very nice if that was configurable directly in the policy resource (see https://docs.nginx.com/nginx-ingress-controller/configuration/policy-resource/#jwt-using-jwks-from-remote-location).
@anderius anderius added the proposal An issue that proposes a feature request label Nov 19, 2024
@github-actions GitHub Actions
Copy link

Hi @anderius thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

@shaun-nx shaun-nx added this to the v4.1.0 milestone Nov 27, 2024
@shaun-nx shaun-nx added the ready for refinement An issue that was triaged and it is ready to be refined label Nov 27, 2024
@lucacome lucacome moved this to Prioritized backlog in NGINX Ingress Controller Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
proposal An issue that proposes a feature request ready for refinement An issue that was triaged and it is ready to be refined
Projects
NGINX Ingress Controller
Status: Prioritized backlog
Milestone
v4.1.0
Development

No branches or pull requests
2 participants
@anderius @shaun-nx