Add built-in function(s) to verify JWT signatures #421

tsandall · 2017-08-18T16:06:26Z

The current io.jwt.decode built-in doesn't perform any crypto verification of the signature. As mentioned in #417, it would be nice if OPA could verify JWT signatures.

I could see this working one of a few ways (in order of preference):

Add new crypto built-ins to verify signatures independent of JWTs.
Modify the existing JWT decode built-in to to support verification (e.g., add a key param that if set would enable verification).
Add a new JWT decode built-in that also verifies the signature.

The text was updated successfully, but these errors were encountered:

Fixes open-policy-agent#421 removed blank line updated test added command info documentation wrap the error messages used buitin URL decode method moved verify token code in tokens module

Fixes #421 removed blank line updated test added command info documentation wrap the error messages used buitin URL decode method moved verify token code in tokens module

tsandall added the enhancement label Aug 18, 2017

tsandall mentioned this issue Jan 10, 2018

Token signature validation #549

Closed

ashutosh-narkar mentioned this issue Mar 6, 2018

Rs256 jwt signature verification #640

Merged

tsandall closed this as completed in #640 Mar 6, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add built-in function(s) to verify JWT signatures #421

Add built-in function(s) to verify JWT signatures #421

tsandall commented Aug 18, 2017

Add built-in function(s) to verify JWT signatures #421

Add built-in function(s) to verify JWT signatures #421

Comments

tsandall commented Aug 18, 2017