Isaac Reath created CASSSIDECAR-334:
---------------------------------------
Summary: Add support for stateless JWT authentication using public keys
Key: CASSSIDECAR-334
URL: https://issues.apache.org/jira/browse/CASSSIDECAR-334
Project: Sidecar for Apache Cassandra
Issue Type: Improvement
Reporter: Isaac Reath
Assignee: Isaac Reath

Currently, the ReloadingJwtAuthenticationHandler supports authenticating JWTs
using any OpenID-compatible provider via the [Vert.x OAuth2 authentication
provider|https://vertx.io/docs/vertx-auth-oauth2/java/].

To broaden JWT support beyond OpenID-based providers, we propose extending the
ReloadingJwtAuthenticationHandler to also support authentication using the
[Vert.x JWT authentication
provider|https://vertx.io/docs/vertx-auth-jwt/java/]. This would enable support
for non-OIDC JWT providers that expose their signing keys via a public
PEM-encoded endpoint.

To achieve this, we will introduce a new configuration parameter,
jwt_auth_type, which allows users to choose between:

* oauth (default): for OpenID/OAuth2-based JWT authentication
* stateless: for direct public key verification using the Vert.x JWT provider

This enhancement enables flexible support for stateless JWT authentication in
environments where OpenID Connect is not available or desired.
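A sketch of the public-key verification the stateless option describes, written against the Vert.x JWT authentication provider. This is an added example, not code from the ticket or from Sidecar; it assumes Vert.x 4.x with vertx-auth-jwt on the classpath, RS256 signing (the ticket names no algorithm), and a key pair and issuer URL constructed here in place of a real PEM endpoint.

```java
// Added example, not Sidecar code. Assumes Vert.x 4.x and RS256 (not stated in the ticket).
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.JWTOptions;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.authentication.TokenCredentials;
import io.vertx.ext.auth.jwt.JWTAuth;
import io.vertx.ext.auth.jwt.JWTAuthOptions;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Base64;

public class StatelessJwtExample {
  // Wrap DER bytes in a PEM envelope, the format a public key endpoint would serve.
  static String pem(String label, byte[] der) {
    String body = Base64.getMimeEncoder(64, "\n".getBytes()).encodeToString(der);
    return "-----BEGIN " + label + "-----\n" + body + "\n-----END " + label + "-----\n";
  }

  public static void main(String[] args) throws Exception {
    Vertx vertx = Vertx.vertx();
    // Constructed key pair standing in for the external (non-OIDC) token issuer.
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair kp = gen.generateKeyPair();
    // Issuer side: holds the private key and signs a short-lived token.
    JWTAuth issuer = JWTAuth.create(vertx, new JWTAuthOptions().addPubSecKey(new PubSecKeyOptions()
        .setAlgorithm("RS256").setBuffer(pem("PRIVATE KEY", kp.getPrivate().getEncoded()))));
    String token = issuer.generateToken(new JsonObject().put("sub", "constructed-user"),
        new JWTOptions().setAlgorithm("RS256").setIssuer("https://issuer.example").setExpiresInMinutes(5));
    // Verifier side: only the public PEM, with the algorithm pinned and the issuer checked.
    // No call back to the issuer happens at verification time, hence "stateless".
    JWTAuth verifier = JWTAuth.create(vertx, new JWTAuthOptions()
        .addPubSecKey(new PubSecKeyOptions()
            .setAlgorithm("RS256").setBuffer(pem("PUBLIC KEY", kp.getPublic().getEncoded())))
        .setJWTOptions(new JWTOptions().setIssuer("https://issuer.example")));
    // Change the first signature character so the signature no longer matches the payload.
    int i = token.lastIndexOf('.') + 1;
    String tampered = token.substring(0, i) + (token.charAt(i) == 'A' ? 'B' : 'A') + token.substring(i + 1);
    verifier.authenticate(new TokenCredentials(token))
        .map(u -> "accepted, sub=" + u.get("sub"))
        .otherwise(e -> "rejected: " + e.getMessage())
        .onSuccess(r -> System.out.println("genuine token:  " + r))
        .compose(r -> verifier.authenticate(new TokenCredentials(tampered))
            .map(u -> "accepted").otherwise(e -> "rejected: " + e.getMessage()))
        .onSuccess(r -> System.out.println("tampered token: " + r))
        .onComplete(done -> vertx.close());
  }
}
```

Because the verifier trusts whatever key it is configured with and never contacts the issuer, a token stays valid until its `exp` claim passes, so short lifetimes and key reloading carry the weight that revocation would in an introspection-based setup.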