spacewander commented on a change in pull request #2594:
URL: https://github.com/apache/apisix/pull/2594#discussion_r517833837
##########
File path: apisix/plugins/jwt-auth.lua
##########
@@ -200,6 +211,51 @@ function _M.rewrite(conf, ctx)
end
+local function sign_jwt_with_HS(key, auth_conf)
+ local auth_secret = get_secret(auth_conf)
+ local jwt_token = jwt:sign(
+ auth_secret,
+ {
+ header = {
+ typ = "JWT",
+ alg = auth_conf.algorithm
+ },
+ payload = {
+ key = key,
+ exp = ngx_time() + auth_conf.exp
+ }
+ }
+ )
+ return jwt_token
+end
+
+
+local function sign_jwt_with_RS256(key, auth_conf)
+ local ok, jwt_token = pcall(jwt.sign, _M,
+ auth_conf.private_key,
+ {
+ header = {
+ typ = "JWT",
+ alg = auth_conf.algorithm,
+ x5c={
+ auth_conf.public_key,
+ }
+ },
+ payload = {
+ key = key,
+ exp = ngx_time() + auth_conf.exp
+ }
+ }
+ )
+ if not ok then
+ core.log.warn("failed to sign jwt, " ..
+ "check the private key and public key of the consumer to whom
the key belongs.")
Review comment:
We should report the error message from the `jwt_token.reason`
##########
File path: apisix/plugins/jwt-auth.lua
##########
@@ -200,6 +211,51 @@ function _M.rewrite(conf, ctx)
end
+local function sign_jwt_with_HS(key, auth_conf)
+ local auth_secret = get_secret(auth_conf)
+ local jwt_token = jwt:sign(
Review comment:
Need to call the sign with `pcall`. It is the issue of origin code, but
I think we can fix it now. The error handling function can be extracted and
shared between different `sign_jwt_with` functions.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
