Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support JWT extraction from cookies in jwt_authn #17424

Closed
theshubhamp opened this issue Jul 20, 2021 · 5 comments · Fixed by #17721
Closed

Support JWT extraction from cookies in jwt_authn #17424

theshubhamp opened this issue Jul 20, 2021 · 5 comments · Fixed by #17721
Labels
area/jwt_authn enhancement Feature requests. Not bugs or questions.

Comments

@theshubhamp
Copy link
Contributor

theshubhamp commented Jul 20, 2021
edited
Loading

Title: Support JWT extraction from cookies in jwt_authn

Description:
It's common for JWTs to be sent as HttpOnly cookies from a browser. jwt_authn currently supports extraction from headers and query parameters but lacks the ability to work with cookies.

It can be made to work with cookies by using a combination of these 3 filters as discussed on #7025's comment:
header_to_metatdata -> metadata to header (using Lua ) -> jwt_authn

Adding first party support to extract from cookies will make doing this much easier.
@theshubhamp theshubhamp added enhancement Feature requests. Not bugs or questions. triage Issue requires triage labels Jul 20, 2021
@theshubhamp
Copy link
Contributor Author

theshubhamp commented Jul 20, 2021
edited
Loading

Looked at the structure of jwt_authn and I believe it can be done this way:

  • Add from_cookies to config schema that accepts cookie names as a list (similar to from_params)
  • Change extractor.cc to extract cookies from requests.

I can contribute a PR if the community thinks this would be a good addition

@htuch
Copy link
Member

htuch commented Jul 21, 2021

Seems a reasonable feature. @qiwzhang WDYT?

@htuch htuch added area/jwt_authn and removed triage Issue requires triage labels Jul 21, 2021
@tilgovi
Copy link

tilgovi commented Aug 6, 2021

Came here from #7025 to say that I would find this useful and am currently using header_to_metadata -> lua -> jwt_authn.

@qiwzhang
Copy link
Contributor

Yes, it will be a good feature to have.

@theshubhamp
Copy link
Contributor Author

Great, I'll try it out and send a PR

@theshubhamp theshubhamp mentioned this issue Aug 15, 2021
Merged
@theshubhamp theshubhamp mentioned this issue Aug 23, 2021
Merged
lizan pushed a commit that referenced this issue Sep 3, 2021
@theshubhamp
jwt_authn: Support extraction of JWT from Cookies in JWT Extension (#…
143083c 
…17721)

Support extraction of JWT from Cookies in JWT Extension

Added "from_cookies" config directive to jwt_authn that enables JWT extraction from request cookies.

Risk Level: low
Testing: unit tests
Docs Changes: Updated `docs/root/configuration/http/http_filters/jwt_authn_filter.rst`
Release Notes: Updated `docs/root/version_history/current.rst`
Platform Specific Features: None

Fixes #17424

Signed-off-by: Shubham Patil <theshubhamp@gmail.com>
@theshubhamp theshubhamp mentioned this issue Sep 3, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/jwt_authn enhancement Feature requests. Not bugs or questions.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

jwt_authn: Support extraction of JWT from Cookies in JWT Extension
4 participants
@tilgovi @htuch @qiwzhang @theshubhamp