Make a unique nonce as optional check in jwtproxy #10090
Labels
kind/enhancement
A feature request - must adhere to the feature request template.
status/open-for-dev
An issue has had its specification reviewed and confirmed. Waiting for an engineer to take it.
Description
There is a plan to secure tooling servers with authentication that are done by coreos/jwtproxy. But there is a thing that prevents us to use it: a requirement to use a unique nonce for each request.
While the main client of tooling servers is IDE in a browser, where is no a way to generate a token, because it is not secure to provide a client with a private key. So, we are not able to provide new token from server side for each client's request. It is why do we need to disable this check.
It is planned to create a fork and make these changes there, build custom image and use it.
For the same time, create a PR to coreos/jwtproxy and when it will be merged just configure it and use default
jwtproxy
imageOS and version:
Diagnostics:
The text was updated successfully, but these errors were encountered: